Today, everything is connected to Wi-Fi and we heavily rely on the Internet in general. This dependence has brought along IoT devices—a growing collection of gadgets and tools designed to collect, exchange and process information over the Internet to provide their users convenient access to an array of services and information. The devices are diverse and can range from security cameras, digital video recorders, printers, wearable devices, appliances and more.
However, IoT devices have also increasingly become a target for cyber-criminals. Hackers look for security vulnerabilities and install malicious software to control, damage or gain authorized access to the data on the device. These insecurities enable hackers to launch DDoS attacks by infecting an IoT device with malware, which is then able to coordinate with other devices to form a ‘botnet’—a large cluster of connected devices infected with malware that allows for remote control by an attacker. Essentially the infected device becomes a gateway to penetrate other electronic devices on the same network.
Gartner predicts in the next two years, “over 50% of IoT device manufacturers will not be able to address threats from weak authentication practices.”
THE GOOD NEWS?
The following measures can help you secure your IoT devices, data, and privacy from hackers and malicious malware:
1. RESEARCH THE DEVICE AND MANUFACTURER
Before purchasing the IoT device, ensure the manufacturer takes cybersecurity seriously. Check for the ability to change the password if the device requires one, some devices with default passwords do not allow them to be changed. Additionally, it’s important to see if the manufacturer will provide timely security updates and patches to combat new threats. Some devices can also be configured to automatically download security updates to ensure the latest protection is in place. Finally, make sure only to purchase devices from the manufacturer or trusted vendors.
2. SECURE THE DEVICE IMMEDIATELY AFTER PURCHASE
Many attacks on IoT devices result from people not changing the default password and username. As one of the first lines of defense from a hacker, leaving default credentials easily opens the invite to malicious botnets who frequently scan IoT systems that use factory-default information.
3. AT THE SAME TIME, CREATE STRONG PASSWORDS
When changing the default password, make sure to practice secure password hygiene. Consider using a combination of upper and lower case letters, numbers and symbols. Additionally, each device and router should have a unique password, too. If devices regularly connect to a network, it should use a firewall, strong password and media access control to limit other devices from accessing the network. To avoid using the same password for every device and router, try a password-management tool to maintain and safeguard the passwords instead of physically writing them down.
4. POWER CYCLE THE DEVICE
Malware used during cyber-attacks can be easily erased by disconnecting and reconnecting your devices from the power source. But once the device has run through the power cycle, be sure to repeat Step #2 above with resetting the default username and password. It is a good practice to do it at least once a month or even more frequently if your device contains a lot of sensitive data.
5. DISABLE UPnP
Many IoT devices have universal Plug n’ Play support which automatically opens virtual ports. These ports can create an opening in the router’s shield making the device discoverable on the Internet, and vulnerable to a malware attack.
6. INSTALL UPDATES WHEN AVAILABLE
Register your device for automated updates from the manufacturer or regularly check for new developments and patches if auto-updates are not available. It’s important to run the latest updates to protect against any new strains of malware and developers work to create the updates as they want to make their product more malware proof. Additionally, only install from known, reputable sites.
7. AVOID A SINGLE POINT OF FAILURE
One vulnerable device may allow an attacker to penetrate your entire network and access other devices on that network. To minimize the potential attack, check your router’s manual to segment the network. Segmenting prevents certain devices from accessing the whole network. For example, some networks offer “Guest” networks to keep visitors from infecting the system with malware. The more a network is segmented, the more difficult it is for hackers to access devices and information.