The Internet of Things: Cybercrime and the Connected Household
The rapidly expanding internet of things (IoT) now encompasses billions of connected machines like smart home technology, wearables and connected cars with over 40 billion connected IoT devices by 2030.
This growth has fueled a corresponding expansion of vulnerabilities. Extra caution is needed to avoid exposing your sensitive personal information to cybercriminals.
Consider the following advice:
IoT cyber safety measures
Screen out devices known to be insecure.
Lists of known faulty IoT devices with flaws or hard-coded accounts can be found online.
Change the default credentials.
The default security settings of your connected devices are often publicly available and far from secure. Disable any “nonessential” services.
Enable multi-factor authentication.
This is especially important if devices and accounts have online portals or mobile apps, which makes it harder for attackers to gain access even if they have passwords.
Conduct regular IoT device audits.
To address security flaws, check firmware as many IoT devices do not update themselves automatically, and remove any outdated or unused devices to reduce attack surfaces over time.
Move IoT devices physically out of sight.
Additionally, disconnect them from the network or power source when not in use. This is especially relevant for devices like cameras, which can inadvertently broadcast footage if compromised.
Here are additional safety protocols you should follow:
- Make sure all IoT devices are running on a “guest” network. This network should be on a separate subnetwork (VLAN) from the highly secured “main” network you use to access any online accounts that contain sensitive information.
- Turn off Universal Plug and Play (UPnP). This technology is designed for convenience. It allows devices and applications to communicate with each other without additional configuration by bypassing security controls. It is a common way for attackers to exploit your network.
- Pay close attention to the data security and privacy policies of IoT manufacturers. Many IoT devices depend on cloud services or Bluetooth connections to function fully. This makes it possible for sensitive data to sync to these services without your knowledge.
- Know what data is collected. Recognize how that data can be used for nefarious purposes and try to minimize data collected where possible. For example, data streams from smart robotic vacuums can give attackers a detailed layout of your home. Settings on a smart thermostat can give insight into your schedule, and an internet camera can be used to view your feed in real-time.
- Set up device monitoring or logging. Then, review them for unusual behavior. Some smart home systems and apps offer notifications for unauthorized access attempts or device malfunctions, which can alert users to possible security issues.