'The Internet of Things (IOT)' Blog - January 2020

Smart devices have revolutionised the way we live our lives, at home and at work. Many smart devices designed for the home allow you to control them remotely. Turning the lights or heating on via a mobile app or unlocking doors through your smartphone might seem a good idea, but anything that connects to the internet potentially exposes you to a hacker if your device is insecure. Ask yourself whether it is really necessary to have it connected to a network. If not, disable it. If yes, on the other hand, you will need to work much harder to maintain security. We can stop cyber criminals in their tracks if we follow simple, practical advice and constantly ask questions of manufacturers to make sure their devices protect us from the most common types of cyber attack.

Whenever you buy a smart device, always change the default password. If it isn’t clear how to change it, or you need help, pick up the phone to the supplier and ask them. Choose a password that is difficult to guess and try to avoid using personal references, as they are easy for criminals to break. The UK Government now advises we use a passphrase (three random words) as opposed to a combination of upper- and lower-case letters, symbols and numbers. A passphrase is significantly more difficult for a criminal to break thanks to the almost infinite combination of words in the English language. It can also make it easier for you to remember.

Secure your router by changing all default credentials and use WPA2 encryption to disguise your network from immediate view.

Split the network. This is slightly more technical but worth enquiring with your IT provider. IOT on a separate network considerably reduces the chance of important information being exposed, should the device become compromised. If you already have a guest network, connect all smart devices to that.

Enable a Firewall to monitor and block unauthorised traffic on the network.

Update the software as soon as it becomes available. If updates can be applied automatically, use this option and save yourself the hassle of sustaining this manually. Maintain the security of any device your IOT is controlled from, to ensure it can support the latest update release.

Take time to work through the device settings and disable any unnecessary features that are of no benefit to you or the usability of the device. This includes analytics (this only benefits the manufacturer and they will log everything you do with your device); location settings (if the device knows your location, so does a hacker. If you are not using the device, they will know you are not at the location and could proceed to robbing the premises). Consider whether the device really needs access to novelty features, does a fridge need access to Twitter to stay cool? Does your Home Assistant need access to your photos to play music? Enable built-in security features if provided, such as restricting who can interact with the device- your Google Assistant has the ability to only respond to your voice.

Finally, in 2018, the Government published the first Code of Practice for the Internet of Things. The Code sets out basic principles for manufacturers to follow when developing IoT products for the UK market. The Code sets a benchmark for security that will reassure consumers about the devices they are buying, supported by a new Kite Mark which has been developed by the British Standards Institution (BSI). Asking the manufacturer about security or whether they have a BSI Kite Mark is a good way of ensuring that ‘secured by design’ is at the heart of what they do.

By Hannah Khoo (Business Engagement Officer)