Internet-connected devices or Internet of Things (IoT) devices are popular holiday gifts. Now that the holidays are over, our shiny new tablets, phones, smart TVs, watches, and toys are providing hours of entertainment. Before the boxes and instruction manuals are long gone, it is the perfect time to make sure they are secure! These devices usually require personal and/or financial information to complete setup, which includes sending that information over the internet. Without thinking about it, we put in a credit card number or create a password in our haste to play with our new toy or satisfy an impatient child. Security of this sensitive information now resides with the manufacturer or service provider who is charged with keeping it safe from a cyberattack. Attacks and breaches happen every day and are frequently in the news.
Here are a few points to assist in securing your IoT device:
- Strong Passwords – Numerous websites and applications use passwords as the only hurdle to access sensitive personal information. Choose a strong, unique password help secure your device. Many devices use default passwords that can be found with a simple Google search. Ensure to change them to a stronger and more complex alternative.
- Multi-factor Authentication – More frequently manufacturers are providing options to enable multi-factor authentication. Often the user’s mobile phone is the other factor, increasing the difficulty for malicious attempts. Enable multi-factor authentication whenever possible.
- Install updates – Vulnerabilities are constantly being discovered and manufacturers make updates available to patch issues, as they become known. Updates should be installed as frequently as possible. Some devices allow for automatic or periodic updates. Where possible, these settings should be turned on to keep your device up to date and secure.
- Internet connectivity – Some devices require an internet connection initially, but do not need to be connected after the setup process is complete. Think about if it is necessary to have the device constantly connected to the internet. Along with internet connectivity comes various levels of risk of cyberattack. If a constant connection is not necessary, simply disconnect the device.