The Internet of Things (IOT) has revolutionised the way we live our lives. Whether it’s a doorbell, lightbulb, voice assistant (Alexa, Siri), kitchen appliance, children’s toy, everything connected to the internet falls under this category.
You may think of it as a “smart device”. Many smart devices have huge capability but neglect security. Cyber criminals will exploit this vulnerability to infiltrate an otherwise secure network or to simply use the devices themselves. You can read more about this in our Denial of Service Attack advice guide.
We can protect ourselves from the threats that the IOT poses whilst continuing to enjoy all that smart technology has to offer by following the recommendations below or read more...
Many IOT products are produced with a default password either commonly used or easily obtainable online. Use strong passwords for a truly robust security solution.
Change the default administrator credentials for the router settings (accessible online) and also change the issued Wi-Fi password. Ensure to use WPA2 encryption to disguise the network from immediate view
This will monitor and block any unauthorised connections to the network.
Any compromise of an IOT device will remain quarantined within the network of which it is connected, keeping the business network secure.
As with all software, IOT needs updating to receive security fixes for vulnerabilities. Enable automatic updates to be applied automatically, to never miss the latest update release.
Equally important, the Operating System of which the IOT application / online account is accessed must remain up-to-date to prevent cyber criminals harnessing vulnerabilities that enable remote access and control over the IOT device.
Default settings are not always applied with security in mind. Take time to enable security settings as applicable and disable all that offer no benefit to the business or usability of the device.
Where possible, enable 2FA to add an extra layer of security to the application / online account.
When a smart device serves no purpose to the business, immediately disconnect it from the network.