The IoT (Internet of Things) is a system of interrelated computing devices and objects that transfer data over a network without requiring human-to-human or human-to-computer interaction. The devices are connected to the internet that share data with other devices and systems via the internet.
Globally, the number of IoT device connections is projected to sharply increase 124% from 13.8 billion units to 30.9 billion by 2025 according to Statista. The benefits of IoT devices include increased efficiency, reduced costs, and energy conservation.
However, one must be aware that many devices lack the most basic security protections and pose a risk to safety and privacy. Some examples of IoT devices include security cameras, smart watches, alarms, baby monitors, appliances, vehicles, fitness trackers and medical devices. Attackers exploit the vulnerabilities of some devices to spread malware as well as compromise devices to gain information that can be used to impersonate individuals.
In May this year, an Executive Order on Improving the Nation’s Cybersecurity included a directive for NIST (National Institute of Standards and Technology) to initiate pilot programs for consumer product labeling to educate the public on the security capabilities of IoT devices. It appears, however, that initially the labelling will be voluntary so consumers will have to do their own research to determine the safety of devices for the foreseeable future.
Security Best Practices
- Before Purchasing a New Device, Do Your Homework: Evaluate consumer reviews, determine if there are any security/privacy concerns, and understand what security features the device has or lacks.
- Replace Devices: If there are known vulnerabilities that cannot be resolved or vendor support has ceased, purchase a new device. This may be typical of devices more than 5 years old.
- Always Change Default Logins and Passwords: Many IoT devices come with default passwords. Create unique passwords/passphrases, do not re-use them, and create a different one for each item. And use multi-factor authentication (MFA) whenever possible.
- Isolate Devices on a Separate Wi-Fi Network: This will prevent access to primary devices, such as laptops and computers.
- Configure Privacy and Security Settings: When activating a device, immediately configure the strongest possible settings. Most devices default to the least secure settings.
- Disable Features You May Not Need: If there are features you will never need or use, disable them to protect your privacy.
- Keep Software Current: Immediately update software when a manufacturer issues an update. And set it to automatically update on its own if there is a setting that allows it.
- Think Strategically When Locating Devices: Be attentive to where you place listening devices and cameras example in a child’s room or areas where you have sensitive work or family discussions. You may want to designate parts of your home as “safe” spaces from IoT devices.