CIS Logo
tagline: Confidence in the Connected World

6 Simple Tips for Securing IoT Devices

IoT devices are quickly becoming features in our homes and businesses, like connected kitchen gadgets, security monitoring systems, and drones. Read on to learn how you can keep these devices secure from cyber threats and vulnerabilities.

Security monitoring systems

Use caution when investing in one of the various “smart locks” on the market. Investigate the strength of the system’s security mechanisms before purchasing. Having your front door opened by a malicious attacker can be troubling – and being locked in or out of the house due to a malfunction can be frustrating. Home thermostats and security systems are other popular items in this category. When installing, be sure to change the default password to something unique and complex. A security system with default passwords isn’t very secure at all.

Daily tip: Do Not Share Your Password

Connected kitchen devices

The newest kitchen gear often comes with an app to help ensure your meal comes out perfect. Sous vide devices, crock-pots, and large appliances like refrigerators all come “smart” these days. To stay secure, consider creating a separate wireless network in your home just for IoT devices. By using separate wireless networks, you’ll ensure sensitive data like banking credentials and saved social media accounts stay separate from IoT data. Never connect a “smart” gadget to your other personal devices that have sensitive information.

Laptops and tablets

Anytime you receive a new personal laptop or tablet, ensure your default user account is non-administrative. By using a “locked down” account with fewer privileges, you limit the damage that a cybercriminal could do if your credentials were ever leaked or stolen. For everyday activities like web browsing and playing games, an admin account with full program installation privileges is unnecessary. To keep your machine running smoothly over time, use caution before installing new software applications. Ensure any applications you install are from a trusted source.

Home assistants

Once a distant vision of the future, home assistants are now available for under $30. These voice-controlled devices help with everything from quick internet searches to home automation projects. However, their well-known “wake words” - “Hey Alexa!” “OK, Google!” – are also a security weak point. Imagine a home invader being able to lock doors or turn off lights with a simple voice command. Consider changing the nickname on your home assistant from the pre-installed default to something only you and your family know.

Gaming devices and drones

Gaming has become ubiquitous, with titles like Fortnite surging in popularity across mobile devices, gaming platforms, and PCs. No matter what or how you play, protect sensitive credit card information by never saving it onto a console or within a mobile gaming application. This will protect against accidental purchases and malicious credit card theft. Drones of all types – from toys to hobby investments – are another hot item this year. Be sure to update your drone with the latest security patches before flying, and change the default password.

Bluetooth headphones and phone accessories

From embedded smart assistants to sophisticated touch controls, headphones are getting more complex each year. You should start secure by choosing any Bluetooth or wi-fi connected smartphone accessory carefully. Select a reputable vendor whose products you trust won’t come with malware or bloatware. Stay secure by only connecting accessories to devices you know. Never store personal information on a Bluetooth or wi-fi enabled smart accessory which may be connected to others’ personal devices.

Staying secure in a connected world

Our ever-growing, interconnected world is an exciting place where you can turn off your stove from the office, set a reminder from your headphones, and compete in global gaming challenges anywhere, anytime. The expanding possibilities also carry the responsibility to protect our personal information and data. By practicing strong security habits like using strong passwords and connecting with caution, we can keep cyber space safe for all. The CIS Controls™, when implemented, can help improve your IoT environments' security posture. They're a consensus-developed security standard used by organizations around the world to mitigate against cyber attacks.