Cybercrime and the connected household.
The rapidly expanding internet of things (IoT) now encompasses billions of connected machines like smart home technology, wearables and connected cars. By some forecasts, the number of devices connected to the internet is expected to triple from 8.74 billion in 2020 to over 25.4 billion in 2030.1
This growth has fueled a corresponding expansion of vulnerabilities. Extra caution is needed to avoid exposing your sensitive personal information to cybercriminals. Consider the following measures:
- Change the default credentials of your connected devices. The default security settings are often publicly available and far from secure. You should also disable any “nonessential” services.
- Make sure all IoT devices are running on a “guest” network that is on a separate subnetwork (VLAN) from the highly secured “main” network you use to access any online accounts that contain sensitive information.
- Turn off Universal Plug and Play (UPnP), a technology designed for convenience. It allows devices and applications to communicate with each other without additional configuration by bypassing security controls. It is a common way for attackers to exploit your network.
- Keep your device up to date. Many IoT devices do not update themselves automatically, and many updates address security flaws.
- Pay close attention to the data security and privacy policies of IoT manufacturers. Many IoT devices depend on cloud services or Bluetooth connections to function fully. This makes it possible for sensitive data to sync to these services without your knowledge.
- Know what data is collected as the devices are working and how that data can be used for nefarious purposes. For example, data streams from smart robotic vacuums can give attackers a detailed layout of your home. Settings on a smart thermostat can give insight into your schedule, and an internet camera can be used to view their feed in real-time.
- Screen out devices known to be insecure. Lists of known faulty IoT devices with flaws or hard-coded accounts can be found online. Click here to view an example of one of the many lists available.
1 Source: Statista