Mark James, ESET IT Security Specialist, guides us through how and why we should secure our IoT devices.
IoT is simply huge, the rate at which these devices are becoming available for the public is faster than any “type” of device we have seen in the past. In an ideal situation we want to purchase a low cost item that has lots of features we may or may not need, that’s super easy to setup and integrate so once it’s installed we can forget about it.
Sadly keeping secure goes against the grain for most of those options. In too many cases “low cost” can mean less security or options to secure, easy to setup means we use default usernames and passwords that often are not forced to be changed once installed.
Once the item is in place it’s often treated as an “install and forget” device, meaning we could neglect to update or patch any vulnerabilities or exploits found in the early stages of this technology.
So what can we do? How can we help ourselves stay safe?
The very first thing we should do is change EVERY default password we encounter, one of the most important ones is for the router, every piece of internet traffic passes through this box so its ultra-important to keep it secure.
It is possible with today’s routers to set up small individual networks in our own homes. It may seem like a hassle but if you segregate your devices so your IoT is using one network and your personal devices are using another then if your IoT devices become compromised they won’t have access to your private data. Your router may provide an easy to follow set-up wizard to help you set this up.
As manufacturers want to entice you to purchase their devices they may include features or services to place them above the competition. You may or may not need all or indeed any of those services so consider disabling them if you don’t, having ports open to the internet could enable a hacker to gain control of your hardware via the internet.
You hear about updating and patching all the time and may not always understand why or follow the advice. Imagine having a family of four that all have keys to your front door, one of them lose their keys, your keys still work and the door still locks but someone somewhere may also now have the means to access your house without your knowledge or consent.
That’s how vulnerabilities work. Someone has found a way to potentially get in without your permission, this time though it’s not going to actually cost you any money, just time and a little effort, always check your devices for updates, if there are any get them installed as soon as you’re able, it may just stop you becoming a victim.
When out and about try to think about the “free” Wi-Fi points you’re connecting too. Consider their validity, just because the access point says “free coffee shop Wi-Fi” or appears at the top of the list don’t assume its legit.
If you are indeed in a shop or restaurant just ask or have a look around to see if the actual access point name is displayed.
Please consider what you’re going to do with that Wi-Fi, if you are going to do internet banking you may want to consider using a VPN and or your much safer cellular internet connection.
Have you made sure to change all of your default passwords? Let us know on Twitter @ESETUK.
Join the ESET UK LinkedIn Group and stay up to date with the blog. If you are interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.