Gadgets, we love them, don’t we? So much so, that the Smart Home market will be worth about £117 billion (USD 151.4 billion) by 2024. The problem is that the modern gadget is internet-enabled, or in other words, home devices are now part of the wider Internet of Things (IoT). So what, I hear you exclaim, as you turn to your digital assistant and say: “Hello Alexa, tell me a joke.” Well, the joke may be on you if you don’t take some precautionary measures to protect your Smart Home against cyber-threats.
In 2019, cyber-attacks on IoT devices increased by 300%, according to research by security vendor F-Secure. Cybercriminals love the fact they can disrupt your life by taking advantage of security flaws and vulnerabilities in things that sit inside our living room.
If there is no safer place than home, then we need to make sure that we close the door on cybercrime. Here are 5 tips to do so…
The Smart Home is a Safe Home
A YouGov report found that 23% of British homes contained one or more smart devices (excluding smart meters). Smart devices are based on data. They create it, collect it, share it, and often store it in apps on your mobile phone. These data are valuable because these data are us; our identity, our behaviour, our financial details. The job that a smart device does is also a risky area in terms of cyber-threats. Being able to control a person by controlling their environment can be an attractive proposition for a certain nefarious individual. Personal safety is also an element of cybercrime aimed at smart devices.
Here are 5 ways to make sure you can batten down those smart home hatches.
Tip one: A good pedigree
The UK Government is bringing stronger legislation around IoT devices into law. The legislation will mandate that IoT manufacturers must follow stringent security guidelines, including ensuring that passwords are unique and that reporting a security flaw is made easier. This legislation is being created to reflect the poor security practises of many IoT manufacturers, evidenced by the fact that less than 10% of consumer IoT companies follow vulnerability disclosure policies.
When buying a smart device, check out the pedigree of the manufacturer. Do they offer regular security patches, do they allow for easy password updates? Once the UK legislation comes into force this will be much easier to do, as it will force manufacturers to use an IoT security label that clearly shows their commitment to security.
Tip two: The old default password issue
Default passwords for common IoT devices are on the internet for any interested person to find. For example, a recent list was posted to the web that gives manufacturer passwords for half a million routers and smart home devices.
Whilst the legislation to mandate good security practices weaves its ways into the mainstream of manufacturing, you should look to ensure that any default passwords on your smart devices are immediately changed.
– Engage your staff with scenario-based security awareness training or “In-the-Moment” training.
Tip three: Isolation and guest networks
If you have visitors to your home, make sure that they use a guest network and not your main network. Isolate your main home network from a guest network using a password (and use a second factor for login if available too). Connect your own personal smart devices to your main network. Work on the use of IoT devices in domestic abuse cases has been carried out by a team at UCL in London. They found instances where ex-partners still had control of a device through the network which they would use to control temperature setting, etc.
On the matter of misuse of devices and associated data. This Tweet shows how difficult it can be to control your own information once someone else has control of it.
Tip four: Switch off extra settings
Switch off any settings on your smart device that are not needed. For example, you may want to switch off routine use of the microphone and camera on a digital assistant such as Amazon Alexa. Or think about disabling the use of voice purchases. In terms of privacy, some smart devices are better than others. Check the privacy settings to see if your data is being shared with third-parties and if you can switch this feature off. You can also check to see if voice data is saved and delete any that is not expressly needed to work the device.
Tip five: Smart unplugged
If you don’t use it, switch it off. A study by the Royal Society of Chemistry (RSC) found that there may be up to 40 million old or unused smart devices in homes across the UK. Many of these are smart phones, but other devices such as wearables are also commonly bought and discarded. Whilst this is bad for the environment, it is potentially great for cybercriminals. The devices may have been used at some point, accounts created, data added, stored in cloud servers and forgotten about. If you stop using a device, you should attempt to delete the data and the account. However, some manufacturers may not have made provision for this option, and you may have to contact them directly to have your account closed and data deleted.
The Defence Works hopes that you find these tips on how to keep your smart devices cyber-safe useful. Check out our blog features for more cybersecurity tips.
Interested in learning more about how security awareness training can help your organisation? Sign up for a free demo of the world’s most interactive security awareness training.
Subscribe to the Proofpoint Blog