In light of it being cyber security awareness month (the 17th October in a row!) we thought it would be a good time to take a look at smart devices and your home network. As many of us work from home, now more than ever, we need to be vigilant about the new and fun smart devices we add to our home network.
There are some easy, great questions we should be asking ourselves before we connect these devices and possibly invite problems into our lives, especially since these devices will be on the very same networks we connect our computers to in order to WFH.
- Does this device come with a default username and password? If the answer is yes, then you should first look to see how you can change the password before completing any network connection. If you can Google the default password for your device, then so can someone looking to exploit it.
- Does this device come with default settings that might put the network at risk? Often many of the little internet accessible gadgets come with troubleshooting tools that are always left on. Some consumer grade routers come with “universal plug and play” enabled by default, which can expose your internal network by mistake.
- Before connecting this device, is the firmware fully updated, have all security patches been applied? Double check with the manufacturer’s website to confirm that your device is running the latest firmware and has all security patches applied.
- Have you reviewed all the instructions and has the device been fully configured? It seems silly, but make sure you know all the security settings, what they are for and how to configure them, before putting your devices online.
- How much information am I “sharing?” If this device is connected to a cloud service, do you know how much data the service is collecting about your environment? Look into the terms of what the cloud service is able to access. How often is your new device sharing that information? Are you comfortable with that amount of information? Do you have control over what you share? If so, you might consider changing the default permissions.
- Do I actually need this device online? Although that new Smart Dishwasher is cool, does it really need to be connected to the internet? Is the convenience of the alerts to order more dishwasher soap worth the risk of that device being used as an entry point for an attacker to get access to your home network and possibly exploit your data? That is up to you to decide. If the device does not need to be always on, consider unplugging it from the wall socket, not only will you reduce your risk, but you’ll save a little energy, too!
- Does your home networking equipment offer “Client Isolation?” If yes, is it enabled? Some consumer grade home routers come equipped with options to limit the ability for devices on the network to communicate with each other. This is known as client isolation. This feature will help reduce the risk of a security flaw or hole in one device being able to be used to exploit other devices on the network, or access laptops or other computers.
- Does your networking equipment allow you separate your network? Some equipment will allow you to segregate your network, giving you the opportunity to create a separate wireless network or a guest network for IoT devices. This setup approach prevents access to the network to which your work laptop or computer is connected, limiting the exposure should one of your devices be compromised.
There are many things to consider when purchasing Smart Devices and configuring them for your home network.
https://www.pcmag.com/how-to/how-to-protect-your-smart-home-from-hackers