These days, more and more individuals and businesses are using web-connected devices that make life a little easier and also enhance company efficiency. But these so-called Internet of Things (IoT) devices—just like computers and smartphones—pose security risks to consumers by cyber criminals who are constantly looking for vulnerabilities to exploit for their own gain.
What are some examples of these IoT devices? They range from thermostats, front door locks, garage door openers, webcams, and coffee makers to security systems, medical devices like heart monitors, smart TVs and refrigerators, automatic devices that control lighting, office equipment like printers, fuel monitoring systems, even baby monitors.
What’s the danger from a cyber criminal who gains access to your thermostat or coffee maker? Maybe uncomfortable temperatures or cold coffee, but more importantly, once cyber criminals find a way into your home or business through cyberspace, they can move laterally and compromise your network devices, including routers, laptops, phones, tablets, and hard drives to steal your personally identifiable information, identify bank account logins and credit card numbers, send malicious and spam e-mails, abscond with proprietary business information, interfere with business transactions, engage in digital eavesdropping, etc.
Obviously, there are IoT devices that, if accessed, could result in physical safety threats—unlocked front doors, compromised medical devices, and disabled security systems are just a few examples. But these, like any device connected to the Internet, can serve as jumping off points for hackers and other cyber criminals to get at your most sensitive files and information.
So how can consumers minimize these risks?
- Understand your IoT devices. Many come with default passwords or open Wi-Fi connections, so change to a strong password and only allow the device to operate on a network with a secured Wi-Fi router.
- Protect your Wi-Fi networks—set up firewalls and use strong, complex passwords, and consider using media access control address filtering to limit the devices able to access your network.
- Many routers give you the option to set up more than one network—if yours does, separate your computing devices from your IoT devices and spread them throughout several different networks. That way, if cyber criminals break into one network, the damage they do will only be limited to the devices on that one network.
- Disable the Universal Plug and Play protocol (UPnP) on your router—UPnP can be exploited to access many IoT devices.
- Purchase IoT devices from manufacturers with a track record of providing secure devices, and set your devices for automatic updates when available.
The above is an excerpt adapted from the article, “Cyber Tip: Be Vigilant with Your Internet of Things (IoT) Devices National Cyber Security Awareness Month.” For more information, please visit www.fbi.gov.