The Internet of Things (IoT) is rapidly taking off as people and businesses connect everything from their cars, to their home automation systems, and to the Internet.
These devices are starting to change how we live and work – allowing us to track our heart rates and calories with a fitness tracker, monitor and improve our driving habits via a vehicle telematics device, and so much more, writes Ernst Wittmann, regional manager for Southern Africa at Alcatel.
Yet connecting a device to the Internet exposes it to a range of information security threats. We have already seen hackers create botnets using connected fridges, webcams, smart DVRs and other IoT devices and launch distributed denial-of-service (DDoS) attacks. And as we store more personal data – for example, health or payment information – on IoT devices, the risks of data theft and loss will multiply.
As we use the IoT for convenience, we must not treat privacy and security as an afterthought. The IoT devices could be the most vulnerable point in your home or office network. Here are five simple ways recommended by ALCATEL, to improve the security of your information as you start to introduce more and more connected devices into your home or small business.
* Don’t connect a device to the Internet unless there is a clear benefit for doing so – The most secure device is one that isn’t connected to the Internet in the first place. Ask yourself whether there’s really any benefit to connecting your fridge or your baby monitor to the Internet before you do it. And when you’re not using a device, consider disconnecting it from your network.
* Create a separate guest network for IoT devices – Many WiFi routers will allow you to set up multiple networks so that you can, for example, allow guests in your home or customers at your office to browse the Internet. Consider connecting your IoT devices to a separate WiFi network to the one you use for your personal PC and mobile devices. This means that if someone gains access to the IoT device they won’t be able to use it to get to your other devices and information.
* Use strong passwords for each device – You do use strong passwords to secure your PC and the many online services and applications you use, don’t you? Apply the same principle to any IoT devices you connect to the Internet. In addition to picking a strong password, it’s wise to pick different passwords for each device and different ones to the ones you use for email, online banking, social media and so on. A hacker who gets a password and login name for one of your IoT devices will probably try it on other online services and devices. Using different details for each service and device means a hacker won’t have a skeleton key for all of your accounts and devices if he or she manages to break into your smoke detector or your media streaming device.
Bonus tip: Remember to change the password and login name for your router and all other devices when you first connect it to the Internet. Many people leave the default password and login in place – something like ‘admin’ – and make life easy for the criminals.
* Stay updated with the latest firmware – When makers of IoT devices identify security vulnerabilities in their devices, they will usually release software updates to fix them. Installing the latest security patches for your devices’ firmware will help you reduce the chances of a successful attack. Check for updates every three months or so, or configure your devices to automatically download the latest patches.
* Protect your smartphone, tablet and PC – It goes without saying that you should take all sensible steps to secure your PCs, tablets and smartphones since these are the devices you’ll usually use to log in to your router and your IoT gadgets. This includes ensuring you have up-to-date antimalware software, using strong passwords and so on. You’ll often access your IoT devices, mobile banking, and many other services from a mobile app, so take good care of your smartphone. Secure access to the device behind a PIN or password when the screen is locked and set your phone up so you can remotely track its location and wipe your data if it gets lost or stolen.