5 steps to secure IoT gifts this holiday season

On the first day of Christmas, my true love gave to me: a device that really didn’t need to be IoT.

He sees you when you’re sleeping. He knows when you’re awake. He knows if you’ve been bad or good so be good for goodness sake!

If you think you know where I’m going with this, I’m not talking about a large man in a red suit who will bring you gifts.

This holiday season, connected gifts of all kinds will be under thousands of trees across Canada. And while they bring with them a lot of great benefits (who doesn’t need a Bluetooth-enabled toaster?), many of these devices have significant security issues.

In fact, Internet of Things (IoT) devices are increasingly being targeted by hackers as the weak point of any home or enterprise security network. In the first half of 2017, IoT hacks were up 280 per cent, and Gartner anticipates that by 2020 one-third of all hacks may target these devices.

With all that said, you’re probably still going to end up with a smart speaker, Wi-Fi thermostat or connected toy under your tree. So how can you protect yourself? One of the reasons that IoT devices are often so insecure is because they are not actively managed. Unlike our smartphones or laptops, we have a tendency to forget that IoT devices are actually connected to the network. In addition, IoT device manufacturers unfortunately don’t always take security as seriously as they would on user-controlled device. This situation leaves IoT devices particularly vulnerable to attacks.

There are always tradeoffs when it comes to convenience and security, having a microphone listening to you for a keyword means a microphone is always listening to you. A location-aware device means that not only can the device know where it is, a hacker can as well.

So to help you sleep a little easier this holiday season, here are a few simple steps you can take to protect yourself from your voice-activated speaker, always-on home video monitor, or a rubber duckie that connects to an app where you can download lullabies –yes, you heard that right.

  1. After you unbox your shiny new IoT device this holiday season, the first thing you should do (after playing with it for 15 minutes) is see if there is a software or firmware update available. Making sure your device is updated to the latest version can ensure any security vulnerabilities are taken care of.
  2. Don’t buy or use any device that cannot receive firmware updates, change passwords, or update network settings. These devices could have a security breach so big that Santa could comfortably fit through.
  3. Change the default username and password on your device. Most manufacturers will provide you with login settings to get started, they shouldn’t last ‘til Boxing Day.
  4. Give each IoT device a strong, unique password. Don’t reuse passwords, and since you won’t be accessing them often, don’t worry about your password being easy to remember. Use a password manager and make each one difficult to guess.
  5. Change your IoT passwords at least once a year, and check for firmware updates while you’re at it. Make it part of your spring cleaning, your new year’s resolutions (the ones you keep), or time it when you change your furnace filter.

Always remember, anything can be hacked. So in addition to these tips, always consider what data and information these devices know about you, and how that may impact your family’s security and risk management.

If you are looking for a great IoT gift guide, The Mozilla Foundation has a great resource called *privacy not included with a ton great recommendations to make connected gifts safer, easier and way more fun.

Blog navigation