March 31, 2021
Security Check: Simple Steps for Securing Your Smart Devices
Please read important disclosures HERE.
March 31, 2021
Please read important disclosures HERE.
Chances are you are never very far from a smartphone, tablet, or smartwatch. And it’s increasingly likely that you have at least one smart device (if not multiple) in your home — all designed to make your life easier and more efficient. Smartphones keep us connected with friends and family and allow us to access important accounts, bank online, or check a stock quote wherever we are; smart thermostats let us set the temperature of our home while we’re away; smart TVs provide access to a variety of entertainment via gaming and streaming; and video doorbells alert us when a package has been delivered.
But does all that convenience come at the risk of your security and privacy?
These web-enabled smart devices, which transmit information over wireless networks, are built with sensors that track, collect, and store various kinds of data, including personal information such as your name, age, exercise habits, music preferences, login credentials, where you live, when you’re home, etc. All of this information is a goldmine for the makers of these smart devices, who often share this data with third-party companies. This means your personal information is likely in the hands of far more people than you realize. With all of that information about you out there it also means you’re more vulnerable to attacks from cybercriminals who want to hack your bank account, spy on you, or steal your credit card — or even worse — your identity.
While these devices may expose you to security and privacy risks, there are simple actions you can do to help protect your devices. Taking the time to secure your smart devices will allow you to enjoy the convenience they provide while giving you peace of mind that you have taken steps to help keep your private information private.
Securing Your Smartphone
When considering the security on your smart devices, it’s best to start by prioritizing the security on your smartphone because it is likely the device you use most often. It also serves as the hub for other smart devices, many of which can be controlled remotely by your smartphone via a mobile app. Follow these best practices to help keep your smartphone secure.
Lock your phone with a passcode. Most smartphones require you to choose a passcode during setup so that your phone cannot be unlocked without it. If you haven’t already established a passcode, go into your phone’s security settings and create one. Some security experts recommend creating passcodes of at least 10 characters, as short codes are easier to hack. Additionally, enable the facial or fingerprint recognition features (if your phone has them) for an additional layer of security.
Enable automatic updates. Updating your phone’s operating system regularly is not only critical to fixing bugs and resolving performance issues but also keeping your phone protected from the latest security threats, as cybercriminals often target hardware that’s running outdated software. Manufacturers periodically issue “security patches,” which are small pieces of software that fix detected security flaws or vulnerabilities. Worried you’ll miss an important update? Enable automatic updates for your phone’s operating system (and all of your apps) so you’ll always have the latest security updates installed on your phone.
Limit app permissions. It’s likely that you’ve got a lot of apps downloaded to your phone — whether they’re apps for games, home smart devices, music subscription services, or banking services to name a few. Many applications request permission to access your hardware features and personal data when you install them. However, not all of these apps require this access to function properly. In fact, many don’t. Be mindful to only give permission to apps that actually need it. Further, only download apps from your phone’s designated app store, as apps from third-party stores may contain malware.
Avoid public Wi-Fi networks or use a virtual private network. Nowadays public or unsecured Wi-Fi networks are everywhere — hotels, airports, coffee shops, and even supermarkets. While they are certainly convenient for accessing the internet on the go, they pose a significant security risk. Many hackers take advantage of poor public Wi-Fi security to capture your incoming and outgoing traffic, including credit card information, payment details, and login credentials. They may even install malware or spyware on your device via the unsecure network. It’s best to avoid public networks whenever possible. If public Wi-Fi is necessary, use a virtual private network (which uses a public connection to create a secure private network) so your data cannot be intercepted. It’s also wise to avoid publicly available charging stations or USB ports as they may contain malware designed to steal your information. Lastly, some phones may be set to automatically connect to these public networks when you are in close proximity to them so be sure to disable this feature in your phone’s connectivity settings.
Establish a passcode with your mobile carrier. To create additional security, many companies (such as email providers, banks, or social media companies) use your phone number to verify that it’s you when you log in to their sites. They may send a text message to your phone number with a one-time verification code to enter before giving you access to your account. Cybercriminals have gotten increasingly sophisticated, however, and have figured out ways to steal your phone number to intercept these verification passcodes, which would then allow them access to your accounts. Add a layer of protection to your phone number and SIM card by establishing a passcode on your mobile carrier account. Any person attempting to hijack your number would have to know this passcode in order to make changes to your account, including transferring your number to another device.
Protecting Your Other Smart Devices
Once you’ve beefed up your phone’s security, you’ll want to do the same for your home network and other connected devices. Here are some simple actions to take:
Put security at the top of your list when shopping for a smart device. Consumers often focus on a product’s features, price, or appearance rather than the device’s security capabilities. However, security should play an important role in all your purchasing decisions. Research the manufacturer and find out if the company’s products have a history of security flaws, whether the provider will store your data or sell it to a third party, and what the company’s privacy policies are, especially for products that require a service. You’ll also want to review how updates are enabled on the device. Shopping wisely can help you feel more confident that you’re not inadvertently bringing a security risk into your home.
Use complex passwords and multifactor authentication (MFA). If a smart device comes with a default password, be sure to reset it. Use a unique password that you don’t use for other accounts. Better yet, employ a password manager to randomly generate difficult passwords and remember them for you. Does your device have an option for MFA? If so, take the time to set it up as it significantly boosts the security on your device.
Install all security updates. Like with your smartphone, it’s important to keep the software on all of your connected devices up to date. Those security patches are critical in protecting you from both known and suspected security vulnerabilities.
Configure your smart speaker settings. Know that if you have voice-activated speakers, they could be listening to and recording your conversations without your knowledge. Many of these devices are designed to begin recording after hearing a particular command, such as “Hey, Siri” or “OK, Google,” but they often turn on in response to similar-sounding phrases. While the glitch may be unintentional, there’s no way to know how much of a conversation was recorded. While you may not be able to control the internal recording function, you can mute the speaker when you’re not using it. Of course, this also requires you to unmute it before giving voice-activated commands. Furthermore, many of these speaker platforms allow you to see what was recorded and manually delete it.
Turn off data sharing. When you set up your smart device for the first time, review the data sharing settings. It’s important to know what type of information is being collected and how it is being used. Many manufacturers use default settings that tend toward data collection and sharing. You should be able to turn off some of these settings without impacting the operation of the device. Depending on the device, you may also be able to opt out of certain types of data collection.
Secure your home network. Securing your Wi-Fi router is another crucial step in protecting your information, as your home network connects all of your smart devices to the internet. Avoid using the router’s default name (often called the SSID or service set identifier), such as brand and model number, and preset passwords, as cybercriminals often know the default login and password information and can easily break into your network. To deter criminal activity, choose a unique and unidentifiable name and always use the highest encryption level available (currently WPA2) to mitigate any potential risk.
Create a secondary network for guests. If you often have guests in your home, you might consider setting up a secondary network for guest use so as to limit access to your smart devices. It’s not likely someone you know would intentionally target you, but their devices could be compromised and spread malware across your network. Or, instead, you might create a wireless home network dedicated only to your smart devices, and which only you can access.
Pare down your devices. The more connected devices you own, the more security risks you face. Take inventory of what you own and get rid of those things you don’t really use or need. If you do choose to sell, discard, or recycle any unused devices, be sure you delete all of your personal information first, including signing out of all of your accounts. That way someone cannot extract or access your data from the discarded device.