If there is any remaining debate around how popular the Internet of Things (IoT) really is, it should be laid to rest: 2018 is the year that IoT-connected gadgets are expected to surpass mobile devices. All of the major players—like Google, Apple, Microsoft, and many others—are investing heavily in IoT tech, and it is widely considered to be the next-wave movement in technology.
But as with any new trend, there are still some bugs to work out. For those of you who are just beginning to explore the practical applications of connected devices, keep reading to learn more about IoT security concerns —and what you can do about them.
What Are the Inherent Security Risks?
Having so many companies deeply involved with IoT tech is great for variety and availability, but it also poses problems. Currently, there is a struggle for domination among the major companies in the field and while their battle rages on, smaller manufacturers are simultaneously creating their own IoT protocols.
Unfortunately, a clear IoT standard has yet to emerge, and it is difficult to say if any consensus is in sight. This diversity makes it difficult for developers to institute any large scale security solutions.
Until there’s more standardization, here are three lines of defense you can employ to keep your IoT devices safe and secure.
1st Line of Defense: Keeping Your IoT Devices Password-Protected and Up to Date
It may seem obvious, but making sure that your IoT devices have secure passwords and stay up to date is a very important—and often overlooked—step in protecting your information. The unfortunate truth is that most IoT devices are both insecure and out of date. Because so many IoT gadgets require very little setup, it’s easy to just plug them in and let them run.
Some devices are innocuous enough to be left alone. However, with an appliance that has a direct line to your iPhone or a digital assistant like Alexa, defaults can be a serious threat to your security.
You’ll want to change the default username and password for any gadgets that allow it, and set up two-factor authentication if possible. You should also verify whether the device automatically updates; if it doesn’t, regularly check in for firmware and software updates from the device manufacturer.
2nd Line of Defense: Securing Your Networks
When your individual devices are secure, the main point of entry into your IoT is going to be through your main network. There are many different methods that you can use to secure your networks against potential threats, but here are a few of the most effective:
- Basic Network Security Protocols: Putting basic network security protocols in place can go a long way, so make sure that you aren’t using any default passwords on your modem or router and that your router uses a secure Wi-fi standard. You might also consider making a separate guest network for visitors to use, so you can keep your smart tech siloed on its own connection.
- Standalone Firewall: “Firewall” is a term that gets thrown around a lot but rarely explained. Simply put, a firewall is an electronic barrier designed to stop hackers before they can access select sensitive information. It is likely that your computer’s operating system (OS) has some sort of firewall software, but this won’t protect the other devices on your network.
While using the built-in firewall on your OS is better than nothing, the truth is that if a hacker has reached your OS firewall, they are already inside your computer. When you place a firewall around your network, on the other hand—through the router, for instance—all internet traffic must pass through that point. The firewall can then help filter out potential attacks before your devices are affected.
- Virtual Private Network (VPN): A VPN service takes all of the information that is traveling from your network and encrypts it. The encryption allows you or your smart devices to connect to the web as usual, but to websites or other entities that have access to your online activities, the data sent over that connection will be obscured.For full protection, you’ll want to set up VPN client software on your router, as it may be difficult or impossible to set up a VPN on each individual device. One unfortunate downside to this is that there is typically a monthly/yearly fee to pay for access to a VPN service. Additionally, because your information has to travel to an outside source before reaching its final destination, it can make your internet connection seem sluggish.
3rd Line of Defense: Removing Old Devices
With so many new IoT devices coming out and replacements for old devices hitting the market regularly, it’s increasingly easy to forget about every connected device on your network. But old IoT devices may carry old security protocols, forgotten passwords, and a whole host of other threats to your networks.
Each device in the IoT is a potential weak point that has to be secured. So if there are old access points that you no longer use, you’ll want to thoroughly disconnect them from the network—even going so far as to do a factory reset on the gadget—to reduce the number of openings you’ll have to keep an eye on.
Basic IoT security can be broken down into three easy steps: secure your devices, secure your networks, and know what is in your IoT. Remember, while the devices themselves might not contain sensitive information, they could leave the door to your larger network wide open. And the older your devices, the greater the security risks they pose. The IoT was conceived to make our lives simpler, but security is something that we’ll always have to take seriously.