Protecting IoT devices from cyberattacks

Earlier this month, a parent’s worse nightmare came true for a Mississippi family when a hacker gained access to a Ring security camera. The hacker was able to speak through the camera, which was installed in the LeMay family’s daughters’ shared bedroom, and torment their 8-year-old daughter, including telling her he was Santa Clause and playing eerie music from the horror movie “Insidious.”

Frighteningly, this is not an isolated event. Also recently, a Florida man’s Ring system was compromised by a hacker who taunted him and a responding police officer who was called to the home to investigate.

Internet of Things (IoT) devices, such as smart TVs, smart appliances and internet-connected security systems, are rapidly becoming more prevalent around the world. A survey by the IHS estimates that 75.44 billion connected devices will be installed worldwide by 2025.

Protecting IoT devices

With the gift-giving season arriving shortly, more of these connected devices will arrive in homes and businesses across the U.S., amplifying the need to educate home and business owners about the risks of a cyberattack and the ways to prevent one.

Darren McGraw at Mechelsen Private Client; Erika Close at PayneWest Insurance; and Brenda Weaver at Aon Private Risk Management, all ACPRIA candidates from the Private Risk Management Association, offer 12 key tips for protecting IoT devices from cyberattacks.

1. Always update software/firmware when an update becomes available. Performing updates on IoT devices can be a hassle, but the ten minutes it would take to update software may protect privacy.
2. Keep all devices physically secure. Don’t leave devices laying around without password and/or biometric protection.
3. Don’t stay connected to the internet when not needed. Keeping devices connected to the internet when not in use gives more exposure to potential attacks.
4. Use very strong passwords and a unique password for each device. Using family and pet names for passwords makes the cybersecurity thieves’ job very easy. Create strong passwords using random letters, numbers, and symbols, or consider using a password generator app to create a new password every time to log in.
5. Change factory-set passwords upon first use of the IoT devices and home Wi-Fi networks. 
6. Use two-factor authentication. The more layers of defense, the better.
7. Limit the permissions given to applications to only things needed for the application to function. Does the refrigerator need to use location services? Should a child’s toy use ambient listening? Whether it’s an Android or Apple device, check permissions given for applications in the settings.
8. Create separate networks on the Wi-Fi for guests and personal usage.
9. Make use of personal VPN services. Personal VPN services can be very inexpensive and effective in “hiding” devices from predators on the internet. Consider putting a VPN on personal cell phones and computing devices.
10. Use particular caution when providing children with toys and devices that have internet connectivity. Does the child’s teddy bear really need to be connected to the internet? There are toys that encourage children to talk to the toy and share their secrets. This information can be hacked for nefarious purposes and used against children. These toys are not the Teddy Ruxpins of yesteryear!
11. Beware of public Wi-Fi, charging stations, and rental cars. If it is necessary to use public Wi-Fi, only do so through a VPN. Public charging stations, such as those in airports and USB ports in rental cars, can be infected by malware by the previous user.
12. Be diligent. The biggest threat when using IoT devices is the user themselves. Don’t let your guard down and always put safety above convenience.

Related: 

• How smart are the risks we’re taking?
• How IoT is changing the definition of home security
• What insurers need to know about the downside of ‘IoT’