National Cybersecurity Awareness Month – Protecting Your Hackable Home IoT

IoT home network with appliances

You may think your home’s smart devices only send data about temperatures or your exercise activities, so why does it really matter who sees it? Data in aggregate can reveal more than you think about yourself and your family, but even if privacy doesn’t matter to you, lack of data protection isn’t the only risk. Hackers can easily manipulate unsecured IoT-connected devices, get into your network and infiltrate other devices, such as your home computer. Every unsecured device you own is a potential inroad to your home network. Hackers can also take control of your devices and use them to conduct large-scale attacks on businesses and other organizations, such as was the case with the Mirai botnet. We all have a responsibility to improve our nation’s cybersecurity, and we can start with home network security.

Check Your Network for Connected Devices

The first step to implementing IoT security at home is knowing what devices are connected to your home network. Most routers have a web portal that allows you to log in with your router username and password. Here you can check all devices connected to your network. If you don’t know what your router’s web portal is, check the documentation that came with your router or search for your router’s web portal online. Review the list of connected devices and remove any that are unnecessarily connected to the Internet.

Buy a Firewall or UTM

Installing a home firewall that can protect all the devices on your network is the most efficient and realistic way to secure your IoT. Some routers have built-in firewalls. They are not as effective as separate firewalls, but for the amateur, built-in firewalls are better than no firewall at all.

Consider routers and firewalls that are VPN-enabled, allowing you to connect your router to a VPN service, encrypting all traffic on your network. Without this feature, it will be impossible to encrypt data transmitted from most home IoT devices. Another option is to buy a UTM or Unified Threat Management device. These cost around $300 and provide you with multiple network defense mechanisms, including firewalling, anti-virus and spyware protection, intrusion detection and prevention, content filtering and VPN support.

Create 2 or More Home Networks

If you buy a router that enables you to have more than one SSID or service set identifier, you can divide your home network traffic into separate sets. For example, keep IoT home devices such as speakers, TVs and thermostats on one network and your computer, tablet and phone traffic on another. This way any network traffic that contains sensitive data is on a separate network from your home devices.

Change Factory Passwords

It’s so simple, but so often ignored: change the factory passwords on your devices, especially your routers. Make sure the password is strong – containing at least 12 characters and numbers or symbols. The password should not contain your name, phone number, email address, self-identifying information, or anything that can be easily guessed.

Check for Firmware Updates

Most IoT devices weren’t built with security in mind; however, many companies are providing regular firmware updates in an effort to retroactively address security issues. Check with your manufacturer to ensure you are getting these updates.

Install Security Software on Controller Devices

Most IoT devices are controlled via apps, which can be another weak security point depending on how well protected your phone apps are. If someone hacks your phone or phone apps, they will then have access to your home devices, not to mention any account information. Try to always use your phone on a secure network, or install a VPN app. For an extra layer of protection, consider installing security software on your mobile phone, such as Avast Mobile Security or Lookout Mobile Security.