Only a few years ago, smartphones swept across the world as forerunners in networking the world. Now that smartphones are a commonplace item, the latest trend has been to connect the world in terms of, well, pretty much anything else. The “Internet of Things”—referring to the present state of the internet, which is populated by smart and/or automated devices communicating through the Web— is a hot topic for both consumers and producers; it is estimated that by 2020, there will be 30.73 billion devices connected to the internet.
Devices on the IoT run the gamut, but discussions on it focus less on desk- or laptop devices and smartphones, and more on wearable tech, smart appliances, and smart home (or business) systems. These devices are new to the “smart” or internet-enabled category and there’s a lot of room for them to grow—including the aspect of security.
Put simply, smart devices are, in their current state, a huge security risk. Baby monitors can be hacked for eavesdropping, security cameras have been co-opted for use in DDoS attacks, and intelligence agencies can spy on you through smart TVs—which means that other parties can, too.
The Sorry State of IoT Security
This laughable level of security comes from a number of reasons, which are split across the production side and the user side. Understanding why it is the way it is, and what you can (and cannot) do about it is important to using these devices properly.
This early on, it should be noted that in their current state, smart appliances and wearable tech will be more susceptible to attacks than other devices that have been in the market longer. This stems from design practices and standards that simply don’t prioritize safety.
Many smart appliances use fairly simple computing devices to connect to the internet, relying on proprietary software that isn’t always thoroughly adapted. Thus, you end up with processors that can’t afford the reduction in speed or efficiency that stronger security would require, and/or software with poorly adapted code, which could be exploited by criminals or the government.
Unfortunately, not a lot of consumers are aware of these vulnerabilities. They trust that the devices’ makers guarantee their overall safety—which, to be fair, is something you would reasonably expect of a trusted manufacturer of appliances. Still, this leads to lax security practices on the part of users, which compounds the risk present from flimsy built-in security.
Smart Practices for Smart Devices
While you can’t do much about poor built-in security, there is quite a bit you can do about your overall network security practices. Most of the security threats in smart devices involve chinks in your networks’ armor—so anything you do to secure your network makes your IoT devices safer, and vice versa.
1) Planning and Purchasing
Smart devices and wearable tech don’t have much in the way of security customization, so once you buy an item, its security features are what you get. Given this, it’s important to thoroughly assess each item’s security features and decide if they’re safe enough for your network.
In general, it’s a good idea to keep your connectedness to the minimum. If you can maintain your lifestyle with a non-smart appliance rather than a smart one, do so. And if there are smart appliances that don’t need to be connected all the time, then don’t leave them connected all the time. For wearable tech, make sure you only connect to safe, restricted networks.
Also, never purchase used smart appliances. One security firm has demonstrated that something as relatively simple as a smart thermostat can be used to gain access to your home network.
2) Network Safety
One major issue with smart appliances is that they can act as a poorly secured backdoor to the rest of your network. To mitigate this, you can reduce the access to your larger network. You can set up a guest network and have smart appliances use this instead of the main network. Keep them from detecting other, more important devices on your home network, and they can’t be used to gain access to those as easily.
You can also protect the information on your network through the use of encryption. A virtual private network (VPN) establishes a secure connection between your devices and a server, preventing illicit monitoring by third parties. It also assigns you a different IP address based on the server’s location, which effectively conceals your own. In terms of information privacy, it’s a reliable, high-level solution that can make up for the openings that smart devices will introduce to the network.
3) Security Suites and Other Software
A VPN will protect your information from WiFi snoops and would-be eavesdroppers, but it can’t protect your system from malicious software that finds its way in. For that, you need a reliable and comprehensive suite of security software.
Major operating systems usually come with some built-in antivirus and anti-malware programs. These can be pretty effective, as long as you keep them up-to-date, but there’s also a range of free and paid security suites to choose from, which may offer other useful features. It’s good to explore your options, read reviews and run trials before settling on one or another.
It terms of rounding out your defenses, one thing you should consider is an on-demand anti-malware feature. This isn’t widely included in security software suites, so be sure to keep an eye out for it. Rather than focus on well-established threats, these security features focus on recent and emerging threats. This means, however, that they don’t usually maintain an extensive database of old threats and may leave gaps in your security on their own.
You can also improve your security by using ad blockers. Online ads are notoriously easy to use as sources of malware and sometimes, they can infect a device simply by loading—no clicks required. With a program that stops ads before they can even load, you protect yourself from that possibility.
Password managers can also be useful. Some smart devices and network equipment allow for passwords, but their default settings are ridiculously easy to crack. Password managers provide strong passwords and make it so you don’t need to remember them individually. This adds at least some strength to the otherwise weak security options in IoT devices.
The best way to stay protected, however, is to educate yourself on developments in IoT security and to update your security practices to match. Perhaps one day, smart appliances and wearable tech will reach a level of security similar to those in laptops and phones. Until then, you’ll have to rely on your own vigilance.
Chris San Filippo is a part of the marketing team at Hotspot Shield, one of the top ranked VPNs in the world. Hotspot Shield has over 500 million downloads and has helped users from over 200 countries fight for net neutrality and against censorship. Chris’s work has helped Hotspot Shield earn features in publications like Forbes, Bloomberg, and The Wall Street Journal. In addition to his job with Hotspot Shield, Chris also blogs about web security, cryptocurrencies, and social media trends.