In May this year, an Executive Order on Improving the Nation’s Cybersecurity included a directive for NIST (National Institute of Standards and Technology) to initiate pilot programs for consumer product labeling to educate the public on the security capabilities of IoT devices. It appears, however, that the labeling will initially be voluntary, so consumers will have to do their own research to determine the safety of devices for the foreseeable future.
Security Best Practices
- Before Purchasing a New Device, Do Your Homework: Evaluate consumer reviews, determine if there are any security/privacy concerns, and understand what security features the device has or lacks.
- Replace Devices: If there are known vulnerabilities that cannot be resolved or vendor support has ceased, purchase a new device. This may be typical of devices more than 5 years old.
- Always Change Default Logins and Passwords: Many IoT devices come with default passwords. Create unique passwords/passphrases, do not re-use them, and create a different one for each item. And use multi-factor authentication (MFA) whenever possible.
- Isolate Devices on a Separate Wi-Fi Network: This will prevent access to primary devices, such as laptops and computers.
- Configure Privacy and Security Settings: When activating a device, immediately configure the strongest possible settings. Most devices default to the least secure settings.
- Disable Features You May Not Need: If there are features you will never need or use, disable them to protect your privacy.
- Keep Software Current: Immediately update software when a manufacturer issues an update. And set it to automatically update on its own if there is a setting that allows it.
- Think Strategically When Locating Devices: Be attentive to where you place listening devices and cameras, for example in a child’s room or in areas where you have sensitive work or family discussions. You may want to designate parts of your home as “safe” spaces from IoT devices.