Welcome to my getting started guide to securing all of the new gadgets you got for Christmas and now have in connected to the internet your home. This guide presumes you are new to the subject of cybersecurity in the home and that you are using readily-available, off-the-shelf, consumer-grade routers and devices.
Did you get any newfangled technology gadgets as a gift this year? IoT devices like Nest Thermostats or a voice assistant like an Amazon Echo or Alexa, or maybe a Sonos music system, or Ring doorbell or Blink security camera system? These are common presents given over the holiday season that come with some serious tech bling but do not come with any knowledge for how to use them safely and not add potential risk to you, your family, or your livelihood in the new year.
More and more devices and appliances with Internet capabilities are on the market than last year or the year before but manufacturers still don't make our privacy or security a priority. So, the work falls on us as consumers to inform ourselves and perform steps to minimize our risks.
So what can we do if we've already bought one of these devices? While there isn't antivirus for your smart TV, what follows are some steps to help protect your Wi-Fi network so that Smart TV doesn’t become an easily-hacked back door into your network and into your home or office, leading to more serious breaches of your privacy and security.
The Risks Have Changed
Connecting every device possible to the Internet seems like a great idea in theory but we need to consider the implications that come along with new conveniences. We would never intentionally leave our house unlocked so anyone can easily come and go as they please without our knowledge. We need to think that same way about our WiFi networks and the devices we connect to them.
These new gadgets all create risk in new, unseen, and unconsidered ways. For example, wearable technology like Fitbits and Apple Watches that monitor our location can give details about our daily routines and behavior patterns that criminals can use to nefarious ends.
In fact, any connected device can potentially give someone access to our private WiFi network that controls things inside our house or office. Online alarm systems that can be remotely accessed via apps on mobile phones can easily be used against us when not properly secured. Burglars harvest and use any type of data they can from unsecured systems to case and plan how and when to break into homes while residents are away. Crime has evolved and it's time our understanding of it does, too.
Hacking into IoT devices isn't always super-slick-spy stuff. Sometimes it's just learning how to use Shodan, a search engine that helps people locate vulnerable IoT devices.
How To Better Secure Your Home
If you're still using an old password type called Wired Equivalent Privacy (WEP) on your wireless network, it's time to upgrade to Wi-Fi Protected Access II (WPA2) protocol. If we share our WiFi password with lots of other people, it's a good idea to change it sometimes to keep it secure. It's not our best choice to set it to our physical address or building name or birthday, either. Instead, set a nice, long password that you can remember. It's okay to use an entire sentence like myfavoriteteamwillwinthechampionshipthisyearicanjustfeelit!
WiFi Network Name (also called the SSID)
It's easy to give attackers personal information they can use in our wireless network name. For example, if we call it "Johnson's WiFi" or "1101 Burns Ave" that helps them locate and focus their efforts much more quickly and easily. If we name it something more obscure, it makes them work much harder.
If your wireless router or access point can create two separate wireless networks, it's a good idea to use them both. For example, create one network for your computers, tablets and mobile devices to use for general use and another, separate guest network for smart devices like we discussed above.
Sometimes the wireless routers and access points can create a guest network without too much fuss. Sometimes it's as easy as checking a box. If you're not sure, do a search for your router's make and model plus "how to create a guest network".
We can use the guest network for those IoT devices to keep them separate from our private WiFi network and allow guests to use it, too, when they come over and need WiFi.
If the wireless router or access point supports something called "wireless client isolation" or similar, this is a good thing to use, too. While this technology is not always practical on the private WiFi network, especially if you have children who want to play games that require they can "see" each other on the network, for example, this is a good thing to enable on the guest network as it isolates devices from each other, which prevents malware from spreading across devices should something become compromised. It adds an additional layer of security on the guest network where our IoT devices are for sure and is a recommended step if your router or access point offers and supports it. If you're not sure, you can do a seach for your make/model plus "wireless client isolation setting".
Change Default Security Settings
Network equipment (such as routers, wireless access points, and switches) and gadgets (such as smart TVs) all come with default factory-set passwords. Change each of these as soon as you can to something long and memorable. Whenever possible it's worth changing the default usernames, too, from 'admin' or whatever to make it harder for would-be attackers to break-in after they identify the make/model and search the default username and password on the Internet. Hacking someone's password isn't always super-slick-spy stuff. Sometimes it's just a clever Google search.
Firewall All the Things
We would never even consider living in a house without secured windows and doors. While these activities do require a greater level of effort and technical fluency, it's worthwhile to level up in order to better protect ourselves. It's important. If you don't feel comfortable doing it, however, don't be afraid to ask for help by hiring a consultant or asking a savvy friend or relative to assist you.
Networked devices all include information about the ports, protocols, and default IP addresses they use in their respective owners manual or online support pages. Set your firewall to only allow traffic in and out on those specific ports and protocols to reduce and/or eliminate common attacks.
Criminals don't want to work hard. They first look for networks where these steps havn't been taken. Hacking into networks and devices isn't always super-slick-spy stuff. Sometimes it's just finding the path of least resistance.
Taking Security Beyond Online
Once you've better secured the WiFi network on your home or small office, create an inventory of each IoT device you own— and also what it's doing. If you're not using it, or using it only rarely, consider disabling any/all remote-management capabilities. This radically reduces your exposure to preventable incidents.
Think about it like this: if you were an attacker, you'd prefer to access a smart garage-door opener or a smart thermostat that's easy and vulnerable instead of by doing much more work to compromise the network directly. Criminals will always find and take the path of least resistance. Don't make it easy. Make it harder for them.
Update the software on all your devices regularly. This cannot be overstated. Companies are typically slow to patch known and new vulnerabilities as they are discovered. Install all updates as quickly as you can. If there's an option to "Automatically update" your devices, it's a great idea. Don't forget about networking devices like firewalls, routers, access points, and switches. Don't forget about your SmartTV or Internet connected coffee machine, refrigerator, or oven. These are often overlooked and are common points of entry when criminals discover they are vulnerable and not patched.
Less is More
Consider seriously the technology you buy and install in your home. Whatever you buy, you're also purchase overhead in regards to the convenience you get. If you don't really *need* something, consider the additional risk that comes along with it whether you use it or not. A device that exists on a network always brings additional risk. Make sure the utility or value you're getting from a new device makes sense in proportion to the additional risk it will add to your life. If you don't need it, consider not buying it in the first place.
Thanks for reading. Please share this info with anyone you care about to help them kick off the new year in a safer and more predictable way.