Cyber Threat Blog

Keep your home secure on the Internet of Things (IoT)

User Rating: 0 / 5

Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive
 

The Internet of Things (IoT) is enriching our lives with automation conveniences by eliminating simple tasks such as adjusting the thermostat and turning off the lights.  As these creature comforts bring a new digital zen to our lives they introduce a risk that most who use these gadgets are not prepared for.  

Using analog devices (devices not connected to a computer network) is the only foolproof way to stay secure in the IoT world.  Anything that you connect to a computer network becomes a potential security risk.  This strategy of living “off the grid,” works well if you are really paranoid or not interested in digital features.  For those of us craving the latest technology, living securely “on the grid,” is a more practical solution.  

The old dishwasher without a Wi-Fi connection works great, but why live with just that when the new model tells your phone the dishes are clean and automatically orders more dishwasher soap from Amazon.  Taking advantage of these new IoT features and staying relatively secure is possible with these recommendations.  

When selecting an IoT enabled product, chose a vendor with a strong track of dedication to cyber security.   Take a look at the vendor’s website that produces the IoT device before you purchase it and ask several critical questions.

  • Do they address cyber security or product security on their website?
  • Do they have track record of software updates to address potential vulnerabilities?
  • Does the device have any industry security certifications?
  • Do they have an emergency response process and team that quickly responds to any potential security vulnerabilities?  

Don’t see anything on their website?  Give the vendor a call and see if they can address your security questions over the phone.  If you are finding the manufacturer is in the dark about cyber security, you probably should consider a different vendor.  Stay away from product manufacturers that are not addressing cyber security head on. 

An additional resource to examine is the US National Vulnerability Database, this database lists products and publicly known security vulnerabilities for those products.  Being listed in the database is not an indicator that a product is not secure, having a patch to the listed vulnerability is what matters.  Perform a keyword search of the database the product name or manufacturer you are considering.  If you find a vulnerability for your product, verify the references in the listing point to a patch for the security issue.

Once you have purchased a product ensure you set it up properly.  First, make sure the home network hosting your IoT device is secure.  You should consider the following before connecting the new IoT product to your home network. 

  • Use a hardwired Ethernet connection if possible rather than Wi-Fi
  • Implement strong Wi-Fi encryption, called WPA2 encryption on your wireless router
  • Create a strong Wi-Fi password for your WPA2 wireless network
  • Ensure the administrator console of your router is not accessible via the Internet
  • Update your Wi-Fi router with the latest software updates
  • Turn on router log-in email notifications, if your router has this option
  • Create a separate and segmented SSID for your IoT devices, if your router has this option
  • Block traffic from crossing between your IoT device SSID and other SSIDs, if your router has this option

The next step is to setup and configure your new IoT device to take advantage of its security features. The security features of every device will vary but these are typical security hygiene features we recommend that you setup on your IoT device.  

  • Download the latest software security updates for your new IoT device
  • Configure the device to automatically update when new updates become available
  • Enable Two Factor Authentication for your log-in credentials, if your product has this feature 
  • Create a strong password for logging-in to your device
  • Turn on log-in email notifications, if your device has this feature
  • Enable logging on your IoT device, if your device has this feature

To further advance the protection of your IoT product, we recommend using a next generation firewall to protect your home network. We stress this to our customers as it provides an additional line of defense and assists in identifying anyone trying to compromise your IoT devices. This is especially important if you have a higher risk profile.  Consult a cyber security or IT professional to have one implemented.

Make your house a smart home but do it securely and enjoy the automatically adjusting thermostats, lights, locks, appliances, TVs and devices that are yet to be invented.  Start exploring the world of IoT today knowing that you have taken the right steps to stay secure.

About Private Client Cyber Security

We provide enterprise grade cyber security services to professional practices and high net worth clients.

Founded by former defense industry executives who recognized that small to medium sized business are underserved by large cyber security companies.

We strive to provide a personal, professional and a next generation technology level of cyber protection to our clients. 

Twitter @PCCyberSecurity

New York NY | Washington DC | Bethesda MD | Chicago IL | Los Angeles CA
© 2015 Private Client Cyber Security. All Rights Reserved.

Search