News and articles

Securing your office smart devices

The smart device industry is booming and is set to continue growing so rapidly that by 2025 there will be an estimated 152,200 Internet of Things (IoT) devices connecting to the internet per minute.

Your office might use a smart security system to keep your office secure out of hours, or smart bulbs and thermostats to keep your office comfortable and more energy efficient. Digital assistants, smart watches, fitness trackers, refrigerators, doorbells are all on the list – and it’s not just your office, your own home too.

Whilst these smart devices can bring many benefits, you may overlook the increased security risk they bring, or how much of your personal data is being collected.

Financial institutions are a goldmine for cybercriminals, and with a 74% increase in cyberattacks reported in the last 12 months, there’s no signs of let up. There’s already been several cases of hackers managing to control webcams, cameras on laptops, and baby monitors. Like in 2019 when a man hacked a family’s Ring camera and tormented their 8-year-old in her bedroom through a compromised and reused password.

Device manufactures make this easy, providing low hanging fruit through devices with default (or no) passwords, whilst websites like Shodan – which is a tool that lets anyone search for IoT devices connected to the internet – make it easy for someone to connect to your device at random.

There is even a spin off website called Shodan Safari which shares some of the worst and most shocking unprotected, and publicly available IoT devices, from an explosive residue detector at Heathrow Airport’s Terminal 3 to pharmacy prescription systems.

So how can you make sure your smart device is safe?

#1 Start by securing your office network

Using default settings on your router is like leaving your front door unlocked. A quick google search will list an array of routers and their default Username and Passwords, if you don’t change these credentials, you’re leaving yourself, and your network, open to attack. Don’t use a name or password associated to you or your address, use a password manager if you need help with setting (and remembering) unique passwords. Each device will differ but here is an example of how to change your Wi-Fi networks name and password.

#2 Secure the individual devices connecting to your Wi-Fi network

Review your accounts to ensure each device connecting to your home network uses a unique password. Reusing the same password across multiple devices, means that once that password is compromised, additional devices are also at risk.

#3 Enable Multi-Factor Authentication (MFA)

MFA is one the simplest and most effective ways to protect your data, and many IoT companies are introducing MFA to overcome the privacy and security scandals that have dominated the industry in recent years. With MFA enabled, a password alone will not be enough to provide access to your device.

#4 Check the default security and privacy settings

Many connected devices are supported by mobile apps on your phone. Check the settings and disable the additional features that you aren’t using to reduce your security risk. Know what kind of personal information those apps are collecting and say “no” to privilege requests that don’t make sense.

#5 Keep your device(s) updated

Make sure all your devices are updated regularly. If automatic updates are available for software, hardware, and operating systems, turn them on.

#6 Setup a secondary Guest network

A 2019 FBI warning stated that “your fridge and your laptop should not be on the same network. Keep your most private, sensitive data on a separate system from your other IoT devices”. An easy way to do this is to setup a guest network (which uses a different password to your primary network) for your IoT devices, meaning if a hacker compromises one of your devices, they will be on the guest network and won’t be able to control your primary network.

The ball is in your court

Take the time to research IoT device security before buying, rather than just looking at the functionality. If an IoT doesn’t let you change default username or password, consider purchasing a different device.