As consumers buy more smart watches, activity trackers, holographic headsets, and other Internet of Things (IoT) devices, the need for improved security on these devices will become more pressing. Online criminals could exploit these new devices to conduct data breaches, corporate or government espionage, and damage critical infrastructure like electrical grids.
- Don’t connect your devices unless you need to. The first step is to consider what functionality you need from the device. Just because your TV or fridge can connect to the internet, doesn’t mean you definitely want to hook it up. Take a good look at the features it offers and learn exactly what internet connectivity brings before you connect.
- Create a separate network. Many Wi-Fi routers support guest networking so that visitors can connect to your network without gaining access to shared files or networked devices. This kind of separation also works well for IoT devices that have questionable security.
- Pick good passwords and a different password for every device. It’s very important to pick strong passwords, but you must also make sure that you pick a different password for every device. If a hacker manages to get one of your passwords, they will typically try it with other services and devices. Reusing passwords is not a good idea. Use a password manager to keep track of all your passwords.
- Turn off Universal Plug and Play (UPnP). Sadly, UPnP can make routers, printers, cameras and other devices vulnerable to attack. It’s designed to make it easier to network devices without configuration by helping them automatically discover each other. The problem is that hackers can also potentially discover them from beyond your local network because of vulnerabilities in the UPnP protocol. Is best to turn UPnP off completely.
- Make sure you have the latest firmware. If you want to make sure you have the latest security patches and reduce the chances of a successful attack, then you need to keep your firmware fully updated. Vulnerabilities and exploits will be fixed as they emerge, so your IoT devices and your router need to be regularly updated. Automate this wherever possible or set a schedule to check for updates every three months or so.
- Keep personal devices out of the workplace. Don’t take your personal IoT devices to work. There are lots of potential security concerns for wearables. Every enterprise should have a clear BYOD policy, and it’s often a good idea to prohibit personal IoT devices from connecting to the network, or at least limit them to a guest network.
- Track and assess devices. Businesses need to track everything connected to the network and monitor the flow of traffic. Devices need to be assessed to determine the level of access they should have, to keep them fully patched and up to date, and to protect data end-to-end to preserve its integrity. Unknown devices should flag an alert. Understanding which devices are connected and what they’re doing is a prerequisite for proper security.