This is especially true with new areas like the Internet of Things (IoT) that open up a larger area of information for hackers to potentially steal, leaving consumers vulnerable, says Wombat Security’s CTO Trevor Hawthorn, who offers up some recommendations based on his own personal experience.
“As the IoT industry matures, we think we’ll continue to see varying degrees of security and privacy postures within these products,” he says. “Devices made by higher-end, well-funded, and better supported vendors such as Nest, Ring, and Canary that use cloud-backed solutions, to date, have a strong security track record.”
“Cheaper, stand-alone devices produced by offshore manufacturers using out-of-date firmware worry me. They require that the user poke holes in their own firewalls or require a certain level of skill to set up properly,” he adds.
What are consumers’ concerns?
Hawthorn says he himself uses a lot of connected devices — “They make life easier,” he says — but he adds “I take some precautions. The more devices we add to our homes, networks, pockets, cars, and lives, the more data we are exposing to attack.”
For example, if your cloud-based security camera is compromised, an attacker could record everything said in your house. So it is a good idea to use a strong, unique password for your security cameras, and consider disabling audio recording.
It is also a good idea to log in to your account every now and then and note any unusual changes to your account or configuration, and evaluate if you need the cameras inside your house or other sensitive areas.
While the industry will need to respond with higher standards, Hawthorn says “until then” here are a few tips: Always change the default password of your devices, use strong and unique passwords on any supporting cloud services accounts, and never enable Universal Plug and Play (UPnP) on your router or firewall unless you know what you are doing.
And if you’re one of those fortunate people who are savvy enough to manually set up port forwarding on your router or firewall, consider limiting the IP ranges that are allowed access. For example, if you will only ever access the device from your work, only add your work’s IP address to your firewall.
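The source-range restriction described above can be checked mechanically. The following is an added example, not part of the original article: it audits port-forwarding rules for missing, mistyped or overly broad source ranges. The rule format, rule names, addresses and the 256-address threshold are assumptions, and the sample rules are constructed.

```python
import ipaddress

# Constructed sample rules in a hypothetical export format (no real router schema).
# "source" is the CIDR range allowed to use the forward; None means any address.
SAMPLE_RULES = [
    {"name": "camera-web", "wan_port": 8443, "source": None},
    {"name": "nas-ssh", "wan_port": 2222, "source": "203.0.113.10/32"},
    {"name": "dvr", "wan_port": 9000, "source": "0.0.0.0/0"},
    {"name": "printer", "wan_port": 9100, "source": "198.51.0.0/16"},
    {"name": "thermostat", "wan_port": 8080, "source": "198.51.100.7/24"},
]
MAX_ADDRESSES = 256  # assumption: larger ranges are reported as too broad


def parse_source(source):
    """Return the network for a source range, or None if it is malformed."""
    try:
        # strict=True rejects host bits set below the mask (a mistyped range)
        return ipaddress.ip_network(source, strict=True)
    except ValueError:
        return None


def audit_rule(rule):
    """Classify one rule as 'open', 'invalid', 'broad' or 'restricted'."""
    if not rule.get("source"):
        return "open"
    network = parse_source(rule["source"])
    if network is None:
        return "invalid"
    if network.prefixlen == 0:
        return "open"
    return "broad" if network.num_addresses > MAX_ADDRESSES else "restricted"


def is_allowed(rule, client_ip):
    """True if client_ip would pass the rule's source filter."""
    if not rule.get("source"):
        return True
    network = parse_source(rule["source"])
    address = ipaddress.ip_address(client_ip)
    # assumption: a malformed range is treated as matching nothing
    return network is not None and address.version == network.version and address in network


if __name__ == "__main__":
    for rule in SAMPLE_RULES:
        print(f"{rule['name']:12} {audit_rule(rule)}")
```

Only the rule reported as `restricted` limits access to a single address in the way the tip describes; the others are either reachable from anywhere, wider than intended, or written with a range the check cannot parse.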
Finally, he says, don’t be afraid of the new. Update the firmware of your devices often. If the device supports auto-update, enable it. If not, check the vendor’s web site often or sign up for their newsletter. Think about what the device collects and then think about the worst-case scenario if that data were to be available to anyone on the Internet.
As we continue to see increased connectivity, remember to follow these tips, he says. Hackers will have a difficult time finding anything useful to steal if you remain alert to the threat.