Protecting the Connected Home: A User’s Guide
It used to be that only geeks loved gadgets, but since ‘Internet-connected’ device, otherwise known as the Internet of Things (IoT) arrived on the scene, the IoT is now embraced by everyone. 2016 really was the year that consumer IoT really took off. Devices like Google Home and Amazon Echo have captured the public’s imagination. According to research, Amazon Echo has sold around 5.1 million units in the two years since launch, and those sales doubled in the years 2015-2016. And the IoT love affair continues as the latest figures from VoiceLabs expect to see 24.5 million unit sales of Amazon Echo and Google Home in 2017.
Creating the connected home is becoming a very attractive proposition. You can have music on tap in every room, control lighting and heating – even when not at home, and it also improves your personal safety with devices like the Nest Protect smoke alarm.
The connected home is bringing us enhanced entertainment, more fun, greater safety, and faster services. More and more devices are being designed as ‘Internet ready’ and analysts like Gartner are expecting the average home to have 500 smart devices by 2022.
Even with more and more homes connecting up, attacks on home-based IoT devices are still uncommon. However, just as you lock your front door, even if you have never had a break in, you should also protect your smart-home. Here are a few tips on protecting your IoT devices and ultimately making your smart home, smarter.
Being a Wise IoT Device User
Getting back to basics, one of the most important things to remember is that an IoT device ‘talks’. That is, it will send information, and usually lots of it, to the Cloud, often communicating with mobile apps, and sometimes other IoT devices. Analysts IDC are expecting that by 2025 there will be 180 zettabytes of data generated by the IoT annually. Researching an IoT device and manufacturer is vital to ensuring you get a quality product that has your data security at the heart of its design ethos. Make sure you choose devices from established vendors. They are more likely to use industry best practices like secure coding and have security integral to the design of their products. They are also more likely to issue regular software updates too. Research by Ubuntu found that 40% of consumers never actively update their smart device. The discipline of keeping our computers up to date is part of our everyday working lives now. This discipline needs to be extended to include smart devices in our homes and offices.
One of the main security issues of routers, that has led to IoT hacks, is that some of them come with default passwords. These passwords are often easily guessable or brute forced by hackers. Once a router is installed is it important to change that router password to something stronger and less easily hacked – your user manual or manufacturer’s website should tell you how to do this.
Staying Cyber in a Trustful Environment
IoT devices are not standalone and will often be linked directly to a mobile app to manage and control the device and the data. Mobile phone security is also part of the IoT landscape. Mobile industry body, GSMA, is working on the ‘Connected Life’ project to determine best practice guidance for managing IoT devices on a mobile network. A ‘clean mobile’ policy would include ensuring that mobile devices are fully up to date with new software installs, and that IoT device app downloads come from a safe site, such as the manufacturer’s website or a legitimate app store. Privacy is also a consideration. When installing a IoT related app, check out the settings and ensure permissions are configured at a level you feel reflects your privacy needs.
Having an inventory of your IT resources is a good strategy and adding in IoT devices to that inventory is a good way of starting to be “Cyber in a trustful environment”. If you know what you have, you can more easily control any situation. Keeping a track on how your devices are operating, will let you have an early view of anything happening that shouldn’t be.