12 tips to help secure your smart home and IoT devices
Authored by a Symantec employee
As hot new gadgets seek to make your home smarter and more efficient, it’s still up to you to learn how to secure the connected devices throughout your smart home.
Your internet-connected devices — smart TVs, security cameras, smart locks, gaming consoles, smart thermostats — can add a level of convenience to your life, but they could also can make your home and connected devices vulnerable. That’s why it’s important to have a defense plan for securing smart home devices.
The Internet of Things — all those appliances and devices that connect to the internet and to each other on your home network — have created new opportunities for cybercriminals.
Bottom line: If you have a connected home, it needs protection.
Internet of Things devices — IoT devices, for short — can offer new points of entry for cybercriminals.
Cybercriminals have hijacked baby monitors and spied on people using their webcams, for instance. If you own a smart home device, your privacy and security could be at stake.
No one wants a hacker to infiltrate their IoT network. Consider a few scenarios.
- What if a cybercriminal accesses data on your smart thermostat to figure out when you’re home or away?
- What if a hacker gets into your network through an IoT device for a ransomware attack. A ransom could be demanded to get your system working again, with no assurance the cybercriminal will actually restore your access.
- What if someone accesses information you’ve shared with your digital assistant — those voice-activated speakers such as Amazon Echo or Google Home? Maybe you shared passwords or financial information. It could be exposed.
Consider this: At times of peak activity, the average IoT device was attacked once every two minutes, according to the 2017 Internet Security Threat Report, published by Symantec.
That raises security issues.
Cybercriminals target networked homes for different reasons. Here are two examples.
1. Cybercriminals sometimes access your home network though your router.
It happened in 2018. The VPNFilter malware — short for malicious software — infected over half a million routers in more than 50 countries.
VPNFilter is able to install malware onto devices and systems connected to your router — the hardware that allows communication between your connected devices and the internet. It can make your router inoperable. It can also collect information passing through your router. And it can block network traffic and steal your passwords.
Here’s a tip: Symantec has a free online tool to help check if your router is affected by VPNFilter.
2. Cybercriminals can harness the power of your IoT devices.
This happened in 2016, when hundreds of thousands of compromised connected devices were pulled into a botnet dubbed Mirai. A botnet can combine the processing power of small devices to launch a large-scale cyberattack. The result? In this case, major websites such as Spotify, Netflix, and PayPal were temporarily shut down.
The examples show cybercriminals can act locally and globally. They might infiltrate your IoT devices to do you harm. Or they might use your devices and others to launch a broad attack.
Why smart home devices are vulnerable
Home routers and security cameras are top IoT targets for hackers. Why? Because — like most other connected devices — they have little or no built-in security. That makes them vulnerable to malware.
And there’s another reason. Security usually isn’t a top priority for IoT device makers. Their poor security practices could include these:
- No system hardening, which gives a computer system various means of protection and makes it more secure.
- No mechanism for updating software, which can create vulnerabilities.
- Default or hardcoded passwords, which hackers can exploit.
Consider your Wi-Fi router the “front door” to your smart home. Like any front door, it should be solid and equipped with strong locks, in case cybercriminals come knocking.
Building a more secure smart home starts with your Wi-Fi router. It’s the foundational item that connects all your connected devices and makes them operable.
Most people simply use the router provided by their internet service provider, but a lot of independent companies also sell routers.
Once you move to a secure router, it’s a good idea to research the smart devices you might want. Privacy and security are important. Here are some questions to ask:
- What are the privacy policies?
- Will the provider store your data or sell it to a third party?
- How are updates enabled?
Here are some other ways to help secure your smart home.
1. Give your router a name.
Don’t stick with the name the manufacturer gave it — it might identify the make or model. Give it an unusual name not associated with you or your street address. You don’t want your router name to give away any personal identifiers.
2. Use a strong encryption method for Wi-Fi.
In your router settings, it’s a good idea to use a strong encryption method, like WPA2, when you set up Wi-Fi network access. This will help keep your network and communications secure.
3. Set up a guest network.
Keep your Wi-Fi account private. Visitors, friends and relatives can log into a separate network that doesn’t tie into your IoT devices.
4. Change default usernames and passwords.
Cybercriminals probably already know the default passwords that come with many IoT products. That makes it easy for them to access your IoT devices and, potentially, the information on them. Are you considering a device that doesn’t allow you to change the default password? Then consider a different one.
5. Use strong, unique passwords for Wi-Fi networks and device accounts.
Avoid common words or passwords that are easy to guess, such as “password” or “123456.” Instead, use unique, complex passwords made up of letters, numbers, and symbols. You might also consider a password manager to up your security game.
6. Check the setting for your devices.
Your IoT devices might come with default privacy and security settings. You might want to consider changing them, as some default settings could benefit the manufacturer more than they benefit you.
7. Disable features you may not need.
IoT devices come with a variety of services such as remote access, often enabled by default.
If you don’t need it, be sure to disable it.
8. Keep your software up to date.
When your smart phone manufacturer sends you a software update, don’t put off installing it. It might be a patch for a security flaw. Mobile security is important, since you may connect to your smart home through mobile devices. Your IoT device makers also may sent you updates — or you might have to visit their websites to check for them. Be sure to download updates and apply them to your device to help stay safe.
9. Audit the IoT devices already on your home network.
It could be time to upgrade that old security camera. Take time to check if newer models might offer stronger security.
10. Do the two-step.
We’re talking authentication. Two-factor authentication — such as a one-time code sent to your cellphone — can keep the bad guys out of your accounts. If your smart-device apps offer two-factor authentication, or 2FA, use it.
11. Avoid public Wi-Fi networks.
You might want to manage your IoT devices through your mobile device in a coffee shop across town. If you’re on public Wi-Fi — generally not a good idea — use a VPN. For instance, Norton Secure VPN offers a number of privacy and security features for both public and home Wi-Fi.
12. Watch out for outages.
Ensure that a hardware outage does not result in an unsecure state for the device.
No doubt more IoT devices are coming and will angle for a place in your home. If they make your life more convenient — even happier — great. But don’t forget to secure your increasingly smart home and your IoT devices.
Editorial note: Our articles provide educational information for you. Norton LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.
Norton by Symantec is now Norton LifeLock. LifeLock™ identity theft protection is not available in all countries.
Copyright © 2019 Symantec Corporation. All rights reserved. Symantec, the Symantec logo, the Checkmark logo, Norton, Norton by Symantec, LifeLock and the LockMan logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the United States and other countries. App Store is a service mark of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution Licence. Other names may be trademarks of their respective owners.