Internet connected smart devices for the home offer a range of compelling conveniences designed to make lives even simpler, but they come with a catch.
It's up to you to stay on top of security.
The consequence of not paying attention could be compromised privacy for you, your family and even your workplace.
Whether it's a smart television set, lights, locks, thermostats, appliances or security cameras, these devices can be turned against you and others to steal information, create fear or uncertainty or commit cyber crimes against others.
Step 1: Create an inventory
Create a simple spreadsheet for your home. In the first column, list all of the Internet connected devices you own such as:
- Smart Door Locks
- Smart Thermostats, such as Nest
- Smart Speakers, such as Apple HomePod, Google Home or Amazon Alexa
- Smart Weight Scales (yes, they are thing)
- Smart Power Outlets
- Smart appliances, such as Smart Refrigerators
- Internet-connected security cameras or baby monitors
- Home computers (desktops, laptops)
- Your home router(s) and Wi-Fi access points
- Smartphones and tablets
- Smart watches
- Smart Televisions (any TV that has Wi-Fi access or built-in apps)
- Set-top boxes, such as AppleTV, Google Chromecast or Roku
- Smart light,s such as Philips Hue
Create additional columns that cover the following:
- Purchase Date. When you purchased them
- Make and Software version
- For computers, tablets and smartphones, the device maker and operating system (Windows 10, Mac OS, Android and the version they're running. For smart devices the device maker and any software version information you can find.
- Does the device allow for auto-updates and have you turned it on?
- Most Recent Update Date
- Accounts Associated
- Is the device tied to an AppleID, Amazon or Google Account? If so, detail the account and ideally turn on two factor (2FA) authentication if available. The last thing you want is someone breaking into your online account and then using it to control your devices.
Step 2: Proactive Reviewing and Updating
Create a calendar reminder, ideally monthly but at least quarterly, to review and update your inventory. For devices that don't have auto-updates, this is your chance to check for the latest patches or updates and install them.
Check the online accounts any devices are associated with to ensure they have a strong, unique password and that two-factor authentication, if available, is enabled.
Treat checking on the security and privacy of your smart devices like you would checking the functioning of your fire alarms in your home.
It should be a routine task you do.
If you're not prepared to stay on top of your smart devices, don't buy them and install them in your home, because no one else is going to do it for you. The companies that made the devices are seldom - if ever - accountable for your privacy and security and severely restrict any liability they have to you in the terms of service for your devices.
Step 3: Isolating Smart Devices where possible
Consider setting up a separate Wi-Fi network or virtual local access network (VLAN) that can separate your home computers, smartphones and tablets from any other devices such as smart lights, locks or thermostats.
Step 4: Replacement planning
Eventually your device maker will stop offering updates. That doesn't mean it fixed all problems. It means they're no longer going to fix them. You need to stay on top of when support ends for your devices and if they can't be upgraded any longer, you need to plan on replacing them.
Think carefully about the balance between your privacy and security as well as convenience. Before buying a smart device, review the terms of service to see what your responsibilities are as the owner and what data is - or could be - collected about you.
Thinking about the motivations behind why firms are offering some smart devices and how these devices may use data you knowingly - or unknowingly - provide to sell you goods and services which may or may not be to your entire benefit.
David Shipley is the CEO and Co-Founder of Beauceron Security Inc., a New Brunswick-based cybersecurity software firm with clients across North America. David is a certified information security manager and frequently writes and speaks about cybersecurity issues across North America.