The 12 days of IoT security
The holidays are finally here! This past month, Minim celebrated with a 12 days of IoT security social media series, which rounded up our top smart home cybersecurity tips for a worry-free holiday season.
We hope that you learned a thing or two to #BeCyberSmart during the holidays and beyond, but in case you missed it, here's a recap of some of the most important takeaways so you can ensure that your new Amazon Alexa or smart thermostat won’t be putting your home network at risk!
Takeaway #1: Older IoT devices pose a greater risk than newer devices
The risk of a cyberattack increases the older an #IoT device remains in service. Upgrade older models to more secure editions, like #WiFi6 compatible devices. #12Days #LoveSafeWiFi https://t.co/8JQksaqfJx pic.twitter.com/W087W4TMBD— Minim (@MinimSecure) December 15, 2020
Internet-connected devices will always carry some degree of risk when connected to your home network, but the risk of a cyberattack is much higher with older models. Since IoT devices have access to exploitable data, including your personal information and information about other IoT devices you own, it’s vital to protect them. One way to do so is by regularly upgrading to newer models as they become available (and as your budget allows) — for example, swapping out a WiFi 4 router for one compatible with WiFi 6, which is more secure.
Takeaway #2: Some IoT vulnerabilities may be out of your control, but weak passwords aren’t
One of the most commonly exploited #IoT vulnerabilities is weak passwords. By changing the default credentials on their smart devices, consumers can protect their homes against threats from bad actors. #12Days #LoveSafeWiFihttps://t.co/5NFlGF7btN pic.twitter.com/FeNCwALxu5— Minim (@MinimSecure) December 17, 2020
With 1.4 billion connected-home devices expected to ship out by 2024 — and a lack of security features on a good portion of them — the risk of data breaches and botnet attacks is extremely high. In 2016, the Mirai Distributed Denial of Service (DDoS) attack against Dyn shut down about half the internet for a day by targeting 100,000’s of insecure, unmanaged IoT devices (cameras, doorbells, etc.) in residences. How did this happen? Many of these devices used default usernames and passwords that are easy to discover or guess. An easy way to prevent an attack like this from happening again is by changing the default password on your IoT devices to something stronger and more unique.
Takeaway #3: Maintain separate networks for your personal and work devices
Did you know that smart homes have an average of 104 cybersecurity threats per month? Keeping a separate, dedicated network channel for your #IoT devices will minimize the risk of an entire network becoming compromised. #12Days #LoveSafeWiFihttps://t.co/CwFuM5hAgP pic.twitter.com/uBvVLv2emM— Minim (@MinimSecure) December 18, 2020
Using separate SSIDs (networks) will protect work devices like PCs and iPhones from potential malware attacks that IoT devices are more vulnerable to. You might actually already be familiar with doing this; segmenting devices between the 2.4 GHz and 5 GHz channels on your home router is a well-known example. Minim’s Work-Life WiFi feature set is an even simpler approach as it enables work-from-home employees to seamlessly create separate Work and Home SSIDs to block communication between devices on the respective networks (AKA: increased security).
Takeaway #4: Update your IoT devices regularly (if you can)
With little built-in security features, #IoT devices are one of the top reasons home networks become compromised. Be sure to regularly update your internet-connected devices and use your Minim app to scan your home network for threats! #12Days #LoveSafeWiFi pic.twitter.com/X5pCYFoekU— Minim (@MinimSecure) December 21, 2020
Did you know that many IoT devices can’t be updated once they’re out of the manufacturer’s hands? Make a conscious effort to choose IoT devices from reputable brands, and be sure to check that each device can be updated through an app or automatically. If your IoT devices require manual configuration to be updated, you’ll want to check the manufacturer’s website for instructions on how to do so.
Takeaway #5: Only buy IoT devices that you know will keep your data secure
It's estimated that 854 million #IoT devices will be shipped by manufacturers by the end of 2020. Cisco projects that homes will have 13.6 IoT devices on average by 2022. Surveys show that only 9% of purchasers believe their IoT devices are secure. #12Days #LoveSafeWiFi pic.twitter.com/ck3Qfhj2i4— Minim (@MinimSecure) December 22, 2020
A Cisco survey of 3,000 U.S. participants found that only 9% of consumers believe their IoT devices are actually safe. Are they right? It depends on which smart devices are in their homes; some IoT devices are significantly more vulnerable to data breaches than others (e.g., the 2019 Symantec Internet Security Threat Report found that routers and smart cameras were the top targeted attack vectors in the home.)
Purchasing through reputable brands can help to minimize this risk of course, but it’s only half of the battle. Consumer configuration of the home network and any default passwords is equally as important as purchasing reputable devices to the data security of your home.
IoT security is an aspect often overlooked by consumers when it comes to protecting their smart homes. If you’ve purchased new smart devices this holiday season for friends, family members, or just for yourself, be sure to take these extra steps to protect your home.