Securing the Internet of Things

IF YOU CONNECT IT, PROTECT IT

Now more than ever, you are spending increasing amounts of time on the internet. With every social media account you sign up for, every picture you post, and status you update, you are sharing information about yourself to the world. How can you be proactive and “Do Your Part. #BeCyberSmart”?

Why Should You Care?

The line between your online and offline lives has almost become indistinguishable. While you are used to computers, phones, and tablets connecting to the internet, there are Internet of Things (IoT) devices that are also connected, that you don’t normally think about

The Internet of Things (IoT) is an object or device that sends and receives data automatically through the internet. This technology is rapidly expanding, and is everywhere. This technology provides you with a level of convenience to your life, but it requires that you share more information than ever. The security of this information and the security of these devices, is not always guaranteed

Cars, smart TVs, computers, toys, games, appliances, fitness trackers, smart watches and other wearables, lighting, healthcare, home security and more all contain sensing devices that can talk to another machine and trigger other actions. Examples include devices that direct your car to an open spot in a parking lot, mechanisms that control energy use in your home, and tools that track eating, sleeping and exercise habits. 

Once your device connects to the internet, you and your device could potentially be vulnerable to all sorts of risks. With more connected “things” entering your homes and workplaces each day, it is important that you know how to secure your digital life.

Simple Tips on how to Improve Security of IoT Devices:

Without a doubt, the Internet of Things (IoT) makes our lives easier and has many benefits; but you can only reap those benefits if your internet-enabled devices are secure and trusted. The following are important steps you should consider to make your IoT more secure.

• SHAKE UP YOUR PASSWORD PROTOCOL. - Change your device’s factory security settings from the default password. This is one of the most important steps to take in the protection of IoT devices. Some internet-enabled devices are configured with default passwords to simplify setup. These default passwords are easily found online, so they don't provide any protection. Choose strong passwords to help secure your device. You should consider using the longest password or passphrase permissible. Get creative and create a unique password/passphrase for each of your IoT devices.

• CREATE LONG AND UNIQUE PASSPHRASES AND USE MFA. - Creating a strong password is easier than you think. A passphrase is similar to a password, it should have at least 15 characters and is hard to guess. It also should contain uppercase and lowercase letters, digits, and at least one special character. No part of your passphrase or password should have anything with personal information about you, your family, or your dog. Passphrases are more difficult to crack, but easy for you to remember.  Example of a passphrase:   SecurityToldM32D0This!   It would take a computer about 2 hundred sextillion years to crack that password. You can go to Howsecureismypassword.net, type in any password you want to make, and see how easy it would be to crack it.
  
  For all your accounts, use multi-factor authentication (MFA) wherever possible. MFA will fortify your online accounts by enabling the strongest authentication tools available, such as biometrics or a unique one-time code sent to your phone or mobile device. While a password may get compromised, MFA increases your account security, forcing whoever uses that password to prove it's really you signing in. MFA will stop them from gaining access to your account.

•  KEEP TABS ON YOUR APPS. - Many connected appliances, toys, and devices are supported by a mobile application. Your mobile device could be filled with apps running in the background or using default permissions you never realized you approved— gathering your personal information without your knowledge while also putting your identity and privacy at risk. Check your app permissions and learn to just say “no” to privilege requests that don’t make sense.
  
  For example:
  Does the hot new photo editing app you downloaded really need access to your contacts?  Most apps will require only the permissions they need to function, but some apps ask for more than what is required. Apps that require your GPS location could include exact locations and times via cellular connections and Wi-Fi hotspots. If the app has permission to full location access, this gives away your exact location at all times. You should consider setting  the permission to “only access location while using the app”. Another app could use your microphone to record audio. Just like access to your camera, this is another crucial permission. This is because some malicious apps could record full private conversations. If an app asks for access to your microphone and there is no need for it to have that access, say NO. Remember to only download apps from trusted vendors and sources.

• SECURE YOUR NETWORK. - Properly secure the wireless network you use to connect Internet-enabled devices. Consider placing these devices on a separate and dedicated network, by creating a “guest” network. Why? Because if a smart device’s security is compromised, it won’t grant an attacker access to your primary devices, such as laptops.

• KEEP SOFTWARE UP TO DATE - When the manufacturer issues a software update, patch it immediately. Updates include important changes that improve the performance and security of your devices. Patches are software updates that fix a particular issue or vulnerability within your device’s software. Make sure to apply relevant patches as soon as possible to protect your devices.

  Whether it’s your computer, smartphone, game device, or other network devices, the best defense is to stay on top of things by updating to the latest security software, web browser, and operating systems. If you have the option to enable automatic updates to defend against the latest risks, turn it on.

• DISABLE FEATURES YOU MAY NOT NEED  - IoT devices often come with features you will never need or use. If you can, disable those features to protect your security and privacy.

• CONFIGURE YOUR PRIVACY AND SECURITY SETTINGS - The moment you turn on a new “smart” device, configure its privacy and security settings. Most devices default to the least secure settings--so take a moment to configure those settings to your comfort level. Check your security settings on any apps you use with your devices. Those security settings can change, so keep checking them to make sure your information is private and protected.

• THINK OF WHERE YOU PUT THEM - Particularly for listening devices or ones with cameras, think strategically about where you place them in your home. Do you want them in a child’s room, or where you have sensitive work or family discussions? Designate some of the areas of your home as “safe” rooms from IoT devices.