If your home is connected, it needs to be protected. IoT devices are the core technology behind the idea of smart homes, and while the latest devices have addressed patches that made their predecessors vulnerable to security breaches, the onus is still on the end user to ensure that their IoT security is up to date.
To help, 10 members of Forbes Technology Council suggest key steps that homeowners can take to protect their IoT systems from hacks, keeping their data and homes safe from malicious users.
1. Install Latest Security Patches
Make sure your IoT devices have the latest security patches installed and keep a close eye on what ports are open/exposed to the outside world from your device. This will keep your perimeter under control, while security patches will help you fight against the latest threats emerging on the market. – Naveen Bachkethi, CBNITS
2. Segment Your Network
Assume the devices will be hacked, so segment your network with the ability to isolate the network, thereby mitigating zero-day exploit impact. Group them together so that you can control network access by manufacturer and use. – Gavin McMurdo, IStreamPlanet
3. Have A Strong Password Policy
IoT devices are typically hacked because of poor passwords or a default password is never changed. Passwords to access your device or to connect to your network should be complex with a minimum of 15 characters, and to be extra secure, you should change them regularly. – Michael Hoyt, Life Cycle Engineering, Inc.
4. Use Multifactor Authentication
If you have the option, use multifactor authentication with your IoT device. Two-factor or multifactor authentication requires you to log in with a second code that’s usually sent through a text message or email. You can use this strategy to add an extra layer of security to your device, which will help keep your data safe. – Thomas Griffin, OptinMonster
5. Keep Your Router Updated
Keep not just your IoT device patched and passwords regularly changed, but the router as well, as it’s often the first line of defense. The Mirai botnet exploited default IoT passwords to great effect. – Ed Adams, Security Innovation
6. Take A Layered Approach
Gone are the days when you just need to protect the front door. There is no more front door, meaning a layered approach to security is essential. Use top-notch tools for monitoring, logging, anti-malware, and intrusion detection. Be on the lookout for any increase in abnormal traffic, whether messaging, network, or system usage, as that’s a top sign you’ve been hacked. – Maddison Long, CloudOps
7. Don’t Use The Default Security Settings
Double-check that you’re not using the manufacturer default security settings. A common mistake is that consumers simply take for granted that the default settings on Wi-Fi and other connected devices are sufficient. They’re not. Make sure to audit your default settings to make sure firewalls and multifactor authentication is active. And above all, change and strengthen your password. – John Shin, RSI Security
8. Maintain A Global Access Map
As consumers use more connected devices and appliances at home, it is important to maintain a “global access map” to have clear visibility of who has access to what. One vulnerability is voice assistants being located near exposed doors or windows while controlling critical actions like opening a garage door or turning on an oven! – Ahmad (Al) Fares, Celitech – Cellular Data Platform
9. Create A Separate Registration Email
Create a separate email alias for all of the registrations (instead of your normal one) and use it. Think “least privilege” and only give access to things that are required for it to work. Ask yourself, “Do I really need that?” The best security is “no.” As I once told a client, “You want this system to be totally secure. Then don’t take it out of the box.” – Thomas Polk, Midwest Eye Consultants, P.C.
10. Ask The Manufacturer About SSL/TLS
Ask the manufacturer if they are using Secure Sockets Layer (SSL) or Transport Layer Security (TLS). We are all familiar with sites using security certificates. Whenever you see the HTTP change to HTTPS, there is a certificate in play. IoT devices call a website just like a browser does. The problem is too many IoT devices are calling sites without enough security. Asking the manufacturers about SSL/TLS will raise the issue. – David Moise, Decide Consulting