Welcome! You may be one of the hundreds of thousands of people who have recently received a free Google Home mini as a gift from Google, or maybe you’re just cybersecurity conscious and you want to take advantage of the fun features of the latest smart home devices without risking your privacy and security.
To help you use your new devices safely, we will share with you a bit of general knowledge about what smart devices are, how you can use them, and what you can do to prevent unauthorized access to your smart devices from cybercriminals.
How to Use Your Smart Devices Securely
A key tenant of cybersecurity is the understanding that if the motive for a cybercriminal is strong enough, they will exploit any vulnerability that is available to them. By proactively securing your smart devices you can reduce the options available to bad actors that would be motivated to gain access to your devices.
1] Secure Your Wifi
Many smart devices connect directly to your wifi network. If your network setup has security vulnerabilities it can become a potential vector for cybercriminals to access your devices.
To get you started we have a brief list of changes you can make today to improve your wifi security, and we encourage you to look into other methods for securing your network as well.
1) Use Strong & Unique Passwords
Speaking of passwords, no cybersecurity checklist would be complete without emphasizing the critical importance of using strong and unique passwords for each and every device and account you have. Whatever you do, do not continue to use the default username and password given to you during the setup process.
Anyone trying to gain unauthorized access to your network will try using the default login credentials, so change the default passwords to one that is at least 20 characters long, hard-to-guess, and unique to your network.
You should follow this step for both your wifi network password as well as the platform you log into to set up your network.
The most common reason for password reuse is that remembering all of the unique logins for everything can be a hassle. To help make maintaining proper password hygiene easier, use a password manager to create and securely store your passwords.
2) Create a Separate Guest Wifi Network
This step may seem advanced if you are not comfortable with home networking setups, but creating a separate wifi network will not cost you anything extra and is often easier to set up than it sounds.
By creating a dedicated network for guests and IoT devices, you can grant access to an internet connection that is separated from your main network. Should your IoT device become compromised (or your guests inadvertently have malware on their devices…) you can prevent unauthorized access to your main network.
3) Change the Default Name of Your Wifi
The name of your wifi network is also known as the SSID (Service Set Identifier). If you opt to use the default name given to you by the manufacturer, anyone that can see your wifi network name is given a hint to the manufacturer of your device and they can target their efforts to known vulnerabilities for that manufacturer such as attempting to access your network using known default passwords.
4) Enable the Latest Wifi Encryption
Wifi security standards have adapted over time to better withstand against security vulnerabilities. At the time of this writing the most up-to-date wifi hardware certification/encryption is WPA3 (Wifi Protected Access 3).
Devices that support WPA3 or its predecessor WPA2 give you an extra layer of security by encrypting data sent over your network, preventing cybercriminals from intercepting data sent over your network. The methods for doing this will depend on your provider, and many providers will have encryption enabled by default.
5) Update Your Router’s Firmware
Any cybersecurity plan is going to include keeping your device’s security updates current, and your router is no exception. If your router does not support automatic updates you should get into the habit of updating frequently and you may even want to consider updating to the latest router hardware if you are using an older model.
6) Disable Remote Access
If your router allows you to access your configuration settings remotely (when not directly connected to your network), you should disable this as soon as possible.
Most users will not need to access their network configuration when they are not at home, and leaving this option enabled will give cybercriminals another potential avenue to exploit. The methods for doing this will depend on your provider – search for terms such as “Remote Access” or “Remote Administration”.
7) Do Not Connect to Public Wifi Networks
If your residence is near a public wifi hotspot, it may be tempting to use it in order to reduce the amount of data transmitted over your home network.
Unfortunately, public wifi networks are attractive targets for cybercriminals and the lack of control you have over the security of other networks means you are forced to conform to the security standards of the public wifi, which are often minimal at best.
For the very same reasons you shouldn’t connect your devices to these public wifi networks, you should also refrain from using your smartphone to control your IoT devices.
2] Enable Two-Factor Authentication
Two-factor authentication (TFA/2FA) is any method that uses multiple methods for verifying that anyone trying to access your devices is who they say they are. Typical TFA methods combine the typical username and password combination with another authentication method such as sending a one-time password (OTP) to your cell phone to provide an extra layer of security.
3] Use a Unified Threat Management (UTM) Appliance
If you are serious about cybersecurity and you want to upgrade your home into a fully-developed smart home, you should consider investing in a Unified Threat Management (UTM) appliance. UTMs offer an extra layer of security with anti-malware, firewalls, intrusion detection, content filtering, and even virtual private networks (VPN).
While these devices can be expensive, for anyone considering investing in having their entire home transformed into a smart home with multiple devices interconnected for complete automation and control it is worthwhile to also invest in securing it to prevent having those devices exploited.
4] Do Not Connect Security Devices to Voice Assistants
While it may be tempting to leverage the convenience of voice-activated control for all of your smart devices, it is best not to use voice-activation for your security devices such as cameras, door locks, and alarm systems.
While advancements in voice recognition are improving to avoid false-positives in their voice-matching features, by connecting voice controls to your security system you open up the possibility that a tech-savvy burglar could successfully disable these systems with voice commands.
5] Do Not Use Voice Assistants to Store Sensitive Information
Voice assistants are handy tools for setting reminders, but you should never use them to remember sensitive information such as passwords or credit card information.
In the event that the data inside your smart device is accessed this sensitive data may not have the security features that it warrants as voice assistants are typically not designed with this level of sensitivity in mind.
6] How to Shop Smartly With Voice Assistants
If your voice assistant supports ordering items online, there are extra steps you should take to avoid having children or guests order unwanted items. Set up passcode authentication for any purchases made with your smart speaker, and change this passcode often as eavesdroppers could hear you speaking the code to your assistant.
7] Keep Your Software Updated
This is a tip that bears repeating anytime a discussion arises around cybersecurity – update your software! Security updates are a normal part of keeping safe with any technology, and this includes your smart devices.
When manufacturers discover or are made aware of a vulnerability they are quick to ‘patch’ it with an update. The method for updating may alter slightly depending on the device, but the process is typically straightforward and the impact it has on improving your device security is substantial.
In addition to fixing security vulnerabilities, manufacturers will also often introduce new software-based features to offer greater possibilities for your devices.
About the Author:
Dale Strickland works at CurrentWare Inc, a global provider of employee productivity, compliance and data loss prevention software headquartered in Toronto, Canada.
You may also like.