10 Ways to Keep Your Personal Info Private and Secure in Today’s Connected World
Here’s how to secure your connected devices
From smart fridges to connected teddy bears, TVs, thermostats and many more, internet-enabled consumer devices continue to grow in popularity. By 2020, the world will have more than 200 billion connected devices, most of them in our homes, according to Intel.
The idea of criminals spying on us through our devices gives us the chills, but it can happen. One example is the Cayla doll, which went to market with such serious security flaws that German authorities banned it.
problem is if security on these Internet of Things (IoT) devices is poor to
begin with or neglected, the devices can be hacked to conduct denial of service
and other attacks.
there are things consumers can do.
1. Secure your modem and router. The U.S. Federal Trade Commission advises:
- Change the name of your router from the default.
- Change your router's pre-set password(s).
- Turn off any “Remote Management” features.
- Log out as administrator once you’ve set up your router.
- Keep your router up-to-date with new firmware, as it’s released. Check the manufacturer’s website periodically for new releases.
- Use encryption like WPA2 or the new WPA3 and require users to enter a password to connect to your network.
2. Avoid buying something with connectivity if you don’t need the connectivity.
sometimes that is not possible, because today’s products may have a feature set
that includes connectivity that comes automatically,” explains Andrew Jamieson, technology and security director at UL.
3. Therefore, understand
the connectivity of the product when making the purchase decision, Jamieson says, and what implications that has for your privacy. This includes
knowing that if you don’t want that connectivity, can you turn it off? What
does it mean if you turn the connectivity off? Can you still use it? Can you
change the password? How secure is it?
This also means considering whether certain products, especially connected dolls and other children’s toys, are worth the risks. According to the FBI, “Companies collect large amounts of additional data, such as voice messages, conversation recordings, past and real-time physical locations, internet use history, and internet addresses/IPs. The exposure of such information could create opportunities for child identity fraud.” Here are some additional considerations and security precautions for connected toys.
4. Put IoT devices on their own special guest network. That way, if an IoT device gets hacked, the entire network isn’t compromised. Check your router’s manual, or the manufacturer’s web site, for details on setting up a guest network.
5. When you buy a connected
device, update the device with a good password. Then, continue to
maintain the security by patching them with new security patches that the
manufacturers roll out, Jamieson says.
when it comes to passwords, never use a password in more than one place. This
can be difficult because we have so many passwords, so consider using password
keeper app. Or, write down the password and store it in your house.
know everyone has told you not to, but you are more secure writing down a strong,
unique password and keeping it somewhere in your house, than you are using a standard
password across the web,” says Jamieson. “If you’re storing
the password in your house, the threat model is that someone has to break into
your house, find the book it’s stored in, understand it’s valuable and
understand the service it’s tied to.”
adds: “Also, try putting your email into the services at Have I been Pwnd, which will let you know if your
details have been involved in one of the data breaches that have occurred
6. If your service/product
offers multi-factor authentication (MFA), consider enabling the MFA.
a new authentication process called fast ID online (FIDO) that’s strong and
robust. That’s something you can look to. You can use physical security keys to
log into devices,” Jamieson points out.
Other MFA can include short message services, which sends you a text or email with a code that you must enter along with your password.
off any cameras and microphones in devices when not in use. This is so that the devices
don’t accidently record because of misheard commands.
Protect your data, as companies are capturing your data and, often, selling it.
“There’s a common saying that if the product or
service is free, then you are the product/service. If you’re not paying
for it, you’re paying for it through your data and time,” Jamieson says. “Photos;
documents; information on bike-sharing or scooter-sharing services of when you’re
going, how you’re going, and where you’re going – it’s all collected and shared.
Think about the information you’re giving out. It might not be personal to you,
which is fine, but the data may be quite sensitive. It may be where you live,
where and what type of doctor you’re visiting, or when your home is empty.
Also, it can be used outside of the context in which you shared it by aggregating
multiple sets of data, which is something to take into consideration before you
put your information out there.”
Bottom line: Understand what it’s being used for,
and if it’s being shared and how it’s being shared. Do your due diligence to
the extent you can.
why a product is priced as it is. For instance, if a connected teddy bear is priced
$10 more than a different brand, perhaps that extra money is because the
higher-priced product is more secure, and since it’s going into your kids’
room, that extra money might be worth it to you, Jamieson explains.
Price doesn’t always reflect security, but in the
case of connected devices, it may, which brings you to the next step.
a manufacturer known for security. Research the manufacturer. Read Consumer Reports and other reviews of the
manufacturer and product to learn about the manufacturer’s reputation for
security and about the security of the product itself.
UL offers a series of Standards within UL 2900 to assess security of connected
devices. These Standards apply mainly to medical and industrial devices, with
the end goal to confirm
that the devices adhere to applicable security Standards. Manufacturers must resubmit
their product every year for new testing, since security threats evolve.
“We hope that in the future, we can create
Standards meant to assess the security risk profile of consumer products too,
and be part of the consumer’s purchase decision in terms of security the same
way UL Standards are with safety,” Jamieson says.
To that end, UL is working on this. You can stay up
to date by checking for information on consumer product safety by using the
keyword search “CYBR” at this website.
With the proliferation of connected devices
throughout our homes, protecting your data is more important than ever, and so
is following these steps.