Technology Reports:
The ‘Internet of Things’ & our security – Should we be worried?
Internet Security – Basic Recommendations
We all know that maintaining the security of our complex gadgets (computers, Smart Phones etc.) has become more and more important as the information that is held on them becomes more valuable to the so-
In an earlier section of this article, we highlighted the enhanced risk presented by the addition of low cost / low security ‘Internet of Things’ (IoT) devices to a home network.
If you are concerned about the security of your home network (and we all should be), then here are some of the things to look for and some of the simple ‘common-
-
Never, never, never leave the ‘Username’ and ‘Password’ set to their defaults (often ‘Admin’ and ‘Password’) – change both, if you can, to difficult to guess versions. A password in particular should be at least 8 characters long (longer still is better) and incorporate both lower case and upper case letters (not in obvious places), numbers and ‘special characters’ (e.g. # { + ~). As these more complex passwords are pretty much impossible to remember, make sure to store them in a secure place (there are some good applications for doing this on PCs, Macs and Smartphones).
-
It should hopefully go without saying, but never click on any link / attachment in an email, unless you were expecting such an email from a specific contact. Email accounts / address books can be hacked, email addresses can easily be ‘spoofed’ (made to appear to come from a particular address when they aren’t) and emails from trusted sources (e.g. banks, government agencies) can be faked.
-
Antivirus and Firewall software will only protect the device on which it is installed and is only useful if it is kept up-
-
Make sure that you are using the most secure encryption standard on your WiFi network – this is currently the WPA2 standard. Although all WiFi encryption standards have been ‘hacked’, to do so for the older WEP standard (and interim WPA standard) is trivial, whereas hacking a WPA2 network requires considerable time and effort. There are a number of recorded cases of hackers sitting outside an address and breaking into a home WiFi network with lax security.
-
Check regularly for software and firmware (the software that runs our devices) updates – more sophisticated equipment and programmes tend to do this automatically, but you may have to search the manufacturer’s website yourself for more basic devices. Always apply these updates / patches as soon as you can – 9 times out of 10, most of the changes in these updates are associated with security!
-
If possible, send / receive your emails using an encrypted protocol – check with your ISP or mail service provider for how to do this (typically using the ‘SSL’ protocol). This makes it very hard for 3rd parties to ‘eavesdrop’ on emails sent between your devices and your mail service provider’s server (which, after all, are travelling through the public internet).
-
When selecting IoT devices, look for those that require you to set up an account on the manufacturer’s website and for which any remote control ‘App’ does not require information on your own IP address (your unique address on the internet).
By routing everything through the manufacturer’s own servers you are placing an additional barrier between you and the ‘bad guys. It is also likely that a much higher level of security has been utilised here and that the security is as up-
For example, most of the Smart TVs on the market access all their available streaming services and the internet via the manufacturer’s own servers. Many IoT home heating devices also provide remote access via the manufacturer’s own website and communicate with their own custom ‘gateway’ device via a completely separate wireless network (i.e. not WiFi).
-
-
