As more and more consumers adopt connected products, security and privacy become critically important. Internet of Things device manufacturers are in a race to go to market with their products, often with security as an afterthought. Here at ZitoVault we want to share a few pointers to consider when adopting IoT devices. These practical tips will help you protect your devices from malicious attackers looking to exploit vulnerabilities.
1- Keep devices up to date
It is crucial to keep IoT devices and routers updated to the most recent software version. It might be tempting to ignore those pesky little reminders and pop ups, but here is why you shouldn’t: A report by HP discovered that 44% of known breaches last year were caused by vulnerabilities in devices between 2 and 4 years old. Take a proactive approach to prevent yourself from becoming another one of the low hanging fruits for hackers to take advantage of.
2- Change the default password for your IoT devices and your router
Today’s devices have become so user-friendly that people can be lured into thinking that as soon as a new device is up and running, well that’s the end of that…Wrong! Take the extra 2 minutes to change the default admin and password settings to unique ones. A simple Google search of the IoT device’s make and model can retrieve the default password. This is the first line of defense to your network because hackers can gain intel on your personal network through your IoT devices, which can eventually lead to a data breach.
3- Consider what data you provide to the IoT device or service
Ask yourself questions when a device is requesting personal details. Does my connected washing machine really need my full name and birthday? Does it devalue the product’s benefits if I don’t provide this information? Use your imagination and pick a nickname/alias with altered personal details to mitigate risk in case your device becomes compromised. You are not lying to anyone if it is your own personal device; it just creates another layer of protection from someone who may be looking to collect data about you for a potential identity breach.
4- Read the terms and conditions, especially the privacy section
This can be a pain, and really has anyone ever read the entire terms of agreement document? Maybe a few have, but the rest of us can streamline our approach by only reading the privacy terms. Determine answers to the questions: Who owns your data? Where is your data stored? With whom is it shared? After answering these simple questions, you will have a much clearer picture of what the device’s intentions are with your personal data.
A recent smart TV manufacturer proved why this practice is useful in retaining your privacy. In the privacy terms it stated, “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition.” Would you be okay with personal conversations being transmitted to an unknown third party? Some companies have “opt out” clauses where you can choose not to participate in sharing of your data.
5- Be careful when selling your IoT device(s) and when purchasing used IoT devices
It can be tempting to buy and sell used IoT devices from an outside party, however it is important to take some things into consideration before doing so. It is becoming more common for hackers to implant malware or a backdoor on components that make their way to your smart home. Now you have a mole in your own home that is capable of malicious activity, invading your privacy. When you sell a used IoT device, make sure to destroy all personal data stored on the device. A recommended way of accomplishing this is by restoring the device back to the factory settings.
The Internet of Things is a fascinating and highly appealing market for consumers, with limitless potential for added convenience and efficiency. With that being said, in this emerging market there are many potential security flaws. Users need to take a proactive, educated approach in order to protect themselves. Take these 5 steps into consideration to safeguard your identity and private information.