Tips for protecting IoT devices

Following the latest news that hackers could start holding internet-connected devices to ransom, David Emm - principal security analyst at Kaspersky Lab - provides some advice on how to protect these devices

Tips for protecting IoT devices

There are some basic practices that should be followed by everyone, from individual consumers to the largest global enterprises. These include: using strong passwords, regularly checking for and installing software updates, and implementing appropriate security software

People live in an increasingly connected world. Today this includes much more than traditional computers. More and more homes include ‘smart’ devices –mobile phones, fitness bands, TVs, webcams, electricity meters and more.

What makes them ‘smart’ is that they are connected to the Internet using Wi-Fi and are able to send and receive data. This huge – and growing – mass of connected devices makes up the ‘Internet of Things’.

>See also: IoT and smart cities: meeting sustainable development goals

The chief benefit of having connected domestic devices is convenience – people and businesses are able to control them remotely from their smartphones.

Unfortunately, if smart devices aren’t secure, others – including cyber criminals – can take control of them. Until recently, this seemed like the stuff of sci-fi movies.

There are some basic practices that should be followed by everyone, from individual consumers to the largest global enterprises. These include: using strong passwords, regularly checking for and installing software updates, and implementing appropriate security software.

Further, this approach should be applied to every connected device on the network, including routers.

There is also a role for the manufacturers of connected products and the security industry. Everyone needs to work together to ensure that strong protection and patch management is designed-in from the very start. Once a product is on the market, it is already too late.

There’s also a role for governments, in developing security standards for IoT devices. People expect that everyday objects – children’s toys to furniture – come with certification marks indicating that they are physically safe. In future, this will have to extend to digital objects also.

>See also: How blockchain will defend the Internet of Things

In order to help users protect their lives and loved ones from the risks of vulnerable IoT devices, Kaspersky Lab advises them to follow several simple rules:

· Make sure that the default username and password are changed; this is the first thing an attacker will try when attempting to compromise your device.

Remember that even if it’s a non-smart product, such as a satellite receiver or a network hard drive, the administrative interface might be vulnerable to attack.

· Make sure all your devices are up to date with all the latest security and firmware updates.

If it’s not obvious how to check for such updates, you should check with the manufacturer – applying security updates is one of the key things you can do to make it harder for attackers to compromise your device and your home network. This will also tell you if the manufacturer considers it to be an obsolete product.

· Use encryption, even on the files you store in your network storage device.

If you do not have access to an encryption tool, you can simply put your files in a password-protected ZIP file – this is not as secure, but it’s still better than not doing anything at all.

· Most home routers and switches have the possibility to set up several different DMZ/VLAN.

This means that you can setup your own ‘private’ network for your network devices, which will restrict network access to and from this device.

>See also: How the Internet of Things is impacting enterprise networks

· If you’re really paranoid you can always monitor the outbound network traffic from these devices to see if there’s anything strange going on, but this does require some technical knowledge.

· Another tip for tech-savvy consumers is to prevent network devices from accessing sites they’re not supposed to access, only allowing them to download updates and nothing else.

Comments (0)