Smart TVs, watches, cameras, gaming consoles, and other smart devices have become essentials in our life. Life is so much easier with a home full of internet-connected devices. However, while they add a level of convenience to your life, you should know that they also make your home and privacy vulnerable. What are these vulnerabilities? What tips should you follow to enhance your Smart Home’s security? This guide has everything you need.
Shipments of smart-home devices are booming and businesses turn their offices into places serviced and managed by smart devices as well. Purchases of smart devices for home and office usage are forecast to grow by between 10% and 29%, depending on the product category, by 2020.
Source: Statista
Smart security and monitoring systems, smart speakers, smart light bulbs, air conditioners, and heating systems as well as various smart sensors now everywhere, building the backbone of the emerging Internet of Things global network.
The wide adoption of smart devices by households and businesses makes our lives easier. But as we mentioned, this broader connectivity creates new cyber-security risks we need to address.
A universal device connectivity introduces new methods for intruders to penetrate a home or office network and security researchers report about new attack vectors such as connected video cameras or even smart locks.
Ironically, you need to secure your smart security camera against hacking attacks while bad actors can use even a simple sensor as en entry point to your network and beyond. Your security camera might become a tool to spy on you. What’s worse, it can be suppressed so that it fails to go off when an intruder enters the home.
Security risks associated with smart devices are very similar regardless of the type of network you have in place, home, or office network. Evidently, a smart-office network has more layers to protect and more users to monitor but the basic risks and the principles of mitigating these risks are all the same.
Let’s start with the plethora of portable devices that are in use today. Whether it is a home network or an office network, any user can attach almost any portable device to the network. Then, the attached USB device gets access to some resources on at least one computer within your smart device-enabled network.
To where this attached device will try to connect is anyone’s guess as USB ports serve as both plugs to power your, say, portable fan, and as a data port.
Offices where Bring Your Own Device (BYOD) policy is in place witness even more complex use-case scenarios as employees connect a wider range of devices to their workplace computers.
Anything you plug to a computer behind your firewall is potentially risky.
A good number of smart devices have cameras or microphones in addition to your already installed security cameras and/or voice-activated smart devices. Virtually any home or office computer has a hackable camera and microphone, too.
A number of cyber-security incidents, involving security cameras manufactured by well-known vendors and installed by reputable security companies, show that connected monitoring equipment is still quite vulnerable to hacking.
The same applies to smart locks that use voice commands or connect to a mobile app to send and receive status info. The list of smart devices a hacker can penetrate to spy on you is long and includes devices ranging from a smart lock through a connected garage camera to your own computer’s camera and microphone.
People tend to perceive a smart bulb as a “safe” device that poses no security threat. But this smart bulb connects to your office network and from there it could well try to communicate with the ATM at the lobby of your building through connected building sensors that also connect to your network.
When moving to a new home or office you might “inherit” connected devices for which you have no idea they even exist. Security experts call these the “Orphan devices.” The problem with such devices is that they are part of a network but they do not get maintenance as well as software security patches and updates.
As you can see, the security risks associated with smart-home and smart-office devices originate from multiple directions and you need to have multiple attack vectors in mind when securing a network comprising smart devices.
Even a simple home network needs at least a basic cyber-security strategy, which starts with taking note of every connected device and respectively taking measures to secure it.
Do not rely on device vendors and manufacturers to update the firmware of your smart device. It happens occasionally on any device you might be using.
For some reason, the device won’t automatically update although you’ve enabled the option. The best thing to do in this situation is to check for updates on your own. All you have to do is update them manually once a new version of the software comes out.
Think of your Wi-Fi router as a primary attack vector. Most home and office IoT devices connect to a network through a Wi-Fi router, not by using a cable connection.
Securing your router is crucial even if you have a cable network in place. But with a Wi-Fi router, anyone within its reach can try to penetrate your network.
Carefully check the settings of each of your smart devices as many of them come with too loose network access and security settings. Changing the default device password and protecting each device with a password is a no brainer.
But before you do that, you might want to change the name of the router the manufacturer gave it. It usually comes with identifying information for the model. This helps hackers tap into your network easily.
Now, choosing a strong password is another approach to a safer smart home. Uppercase, numbers, and symbols, they all help in creating an uncrackable password.
You might worry about remembering it, but that’s what password managers are for. On the other hand, creating a powerful password is so much easier with Password generators.
They can come up with strong passwords and show you how tough it is on their meters. Moreover, try disabling your SSID broadcasts. It prevents unwanted individuals from finding your home network.
Having a two-factor authentication for your smart-home devices is another advisable security measure. Hackers are actually able to bypass two-factor authentication.
However, this usually happens in the context of a targeted attack and requires advanced skills to complete. Anyway, two-factor authentication can only boost the overall security of your home or office network.
With this option, you’ll be at least notified if a certain hacking attempt occurs. That way, you’ll have enough time to reset your password or terminate the account before any damage gets done.
Another best practice is to have a guest network at both your office and at home. In other words, you’ll be assigning your IoT devices to a separate network that is not accessible to visitors or relatives connecting to your network.
It’s simple. Create a network called “Guests” and whoever visits you connects to it. As a result, you’ll be protecting your smart home devices from sharing the same connection with unknown devices, protecting them in the process.
A comprehensive strategy for protecting a smart office also requires running security tools. We’re talking about next-generation firewalls, antivirus with heuristic capabilities, routine use of point-to-point VPN solutions.
These are very essentials tools if you are to have a unified endpoint management system in place. We’ll be talking about the anti-virus and firewall next. But for now, we’ll focus on Virtual Private Networks.
These cybersecurity tools have gained a lot of popularity throughout the years. The reroute user traffic through an encrypted tunnel, adding an extra layer of security in the process.
This military-grade encryption is very tough to crack. Nowadays, most reputable VPNs apply 256-bit AES encryption, which makes it next to impossible for anyone to get a hold of what’s sent or received.
Moreover, a VPN cloaks your IP address and assigns you a temporary one based on the server you connect to. This allows you to surf the internet anonymously and avoid any tracking attempts by third parties.
The best part is that some routers are VPN compatible. If you install a VPN on your router, all of your connected devices will share the VPN benefits simultaneously.
Evidently, you need a firewall and antivirus software to protect a home network of a few smart devices as well. However, the number of connected office devices might count in the range of dozens and hundreds.
Let’s not forget that some of them only occasionally connect to the network, which in turn requires a complex plan for monitoring and managing such smart devices.
Either way, keep your firewall up and install credible anti-virus software. Without those, any device is susceptible to online threats. Also, while those are on, you can do something on your own for enhanced security.
IoT devices have several services you might not even need such as remote access. This feature is enabled by default most of the time. Deactivate it if you don’t need it.
Smart devices are gradually becoming standard equipment in both home and office networks. This makes them an integral component of any cyber-security strategy.
Smart technologies, specifically IoT, are still work in progress, which makes them vulnerable. Hackers are able to exploit these numerous vulnerabilities in both firmware and software powering smart devices.
You need not be over-paranoid but adopting a Zero Trust approach toward connected smart devices – and ‘non-smart’ connected equipment as well – seems like a good practice. We should bear in mind that the IoT industry is still to adopt all-encompassing security standards and procedures.