Securing IoT networks and devices

First off, lock the front door – that is, secure your router. If a hacker gets control of your router, they’ll be able to control your network and that means they can control any device in your house, from the door locks to your computer.

  • Change the name and password of the router. Don’t use default settings. Routers are often named after the manufacturer or the network that you’re using – that gives hackers an important clue to how to get access. It’s also a good idea to avoid using your own name, or your address – again, useful clues to someone who’s trying to get into your network.
  • Use strong passwords, that is, random passwords containing a mix of letters, characters and symbols.
  • Avoid using public Wi-Fi when you’re accessing your IoT network through your laptop or smartphone. It’s relatively easy to break into the kinds of Wi-Fi networks offered in many coffee shops and hotels. Use a Virtual Private Network (VPN) like Kaspersky’s VPN Secure Connection. A VPN gives you a private, encrypted gateway to the internet and stops eavesdroppers from being able to intercept your communications.
  • Start using guest networks. It’s a great idea to use a guest network for visitors who want to use your Wi-Fi at home; it doesn’t give them access to the main network or to your email and other accounts. You can also use a guest network for your IoT devices. That means even if a hacker compromises one of your devices, they will be stuck in the guest network — they won’t be able to get control of your main internet access.
  • Use a strong encryption method like WPA for Wi-Fi access.
  • Take special care to secure the top-level control of your IoT network. It’s not a bad idea to use two-factor authentication, using biometrics, a pass card or a dongle to ensure that a hacker won’t be able to produce both proofs of identity required.

Once the network and access methods are secure, you need to put some work into securing each individual IoT device. Again, changing the default username and password is your best first move. If a device doesn’t let you do this, it’s a glaring hole in your defenses — buy a different device. In fact, when you’re buying smart home devices, you should take IoT device security issues into account when you’re making a purchase decision, rather than just looking at the functionality.

Each of your IoT devices also needs a different password. Hackers typically break into a network from one device and then try to expand their control to other devices. If all your IoT fridges and coffee makers have different names from the heating controls and the door locks, a hacker will find expanding their footprint in your IoT network next to impossible.

Now check the default security and privacy settings. If there’s something you don’t want the device to be able to do, or to record, you may be able to disable it. You may decide that you want the microphones on some devices switched off, for instance, if you don’t want to use voice control on them. That will stop anyone listening in on your conversations.

Disabling features, you don’t want reduces the security risk of leaving remote access or voice control open. You may decide that some devices aren’t worth connecting. If internet connectivity doesn’t add a positive benefit, you can simply turn it off.

There’s another feature that you should turn off, and that’s Universal Plug and Play (UPnP). This is intended to help devices automatically discover each other, a bit like Plug and Play on a PC which can automatically install peripherals, such as printers and external drives. But you’re probably not going to move your devices around a whole lot, so UPnP probably isn’t very useful. On the other hand, it’s a big security risk, as vulnerabilities in the protocol can help hackers discover the devices from outside the network.