Ah, December.
It’s the time of year when we go out and buy our friends, family and even ourselves (You know you’ve done it!!) brand new computers, phones, and *insert gizmo here*.
Connected devices, wearables, drones, and so many other tech gadgets are all making the holidays much more fun.
However if not configured or set up correctly, these devices could put your personal security and privacy at risk. They could even expose important personal and financial information.
Default credentials
Many of these devices are shipped with default usernames and passwords. This means that the default username and password combination is well-known by the manufacturer, and support people. It may even be written in documentation posted on the Internet.
Yikes. Because of this, it is important to change the default password and even the username, if you can.
If the device will allow you to use a passphrase, then even better! This will prevent anyone from being able to access your device if someone gets on your home network, or if it accidentally gets connected right to the internet.
If your device also connects to the cloud or an online component (i.e. you log into the manufacturers’ website to use it) its a good idea to change this password as well!
Default configurations
Normally the default configurations these devices are shipped in, are ready for you to use immediately. This means that any barrier to the shortest setup-and-go has been turned off.
Often most security features may be turned off, or be optional. It’s a good idea to acquaint yourself with all the features of your new device – security and otherwise. Acquainting yourself will help in understanding what the implications to your personal security and privacy are when each one is turned on and off. Then make the decision on which ones to turn on.
Some devices will also include administration portals or some advanced network administration tools. If you don’t have any intent to use these, turn them off. This will ensure an attacker can’t use them.
Connected directly to the Internet
Most connected devices out there aren’t mean to be connected directly to the Internet.
It’s easy to assume that when you plug the cable into your Internet router or connect the device to your home WiFi that it is only accessible to your home network.
Have you ever actually checked?
It’s important to understand what the internet needs are for your device and make sure that your router and network is configured properly. Any extra port forwarding or other settings are removed if not required.
If your device is accidentally left accessible on the Internet it could be easily accessed or hacked. This could expose important personal and financial information, be used as a gateway to access or hack other devices or computers in your home, or be used as a staging ground to hack others.
Two things that can also be overlooked here. First, ensure you’re using a strong passphrase or password on your wireless network. A weak one will only put your connected devices (and everything else on your network) at risk.
Second, do not put your devices on a guest or public WiFi network. Where devices are concerned, these networks can be just as bad as the internet.
Cloud connectivity
Devices now often include some type of cloud connection capabilities within them. This capability could be for extra features, or at times is required to use the device.
When you have a device that includes cloud connectivity, it’s important to understand what information is being sent to the cloud. This is to ensure you know what it’s being used for and how it’s being protected.
If your device is collecting personal, location or other sensitive information and it isn’t protected well, there is a risk it could be lost in a breach.
Start by reading any manuals that came with the device, the manufacturer’s website and Terms of Service and Privacy Policy documents, to start.
Ensure other computers and phones are secure
Do you connect to your device via an app on your phone, or from your computer?
If an attacker can compromise your other computers, they can take advantage of them to then attack your connected devices.
Update your connected devices
Check if the manufacturer of your device releases software or firmware updates. If they do, update the software and firmware as often as possible.
Software and firmware are only as good as the humans who create them. It’s easy for humans to accidentally introduce errors and security holes while writing software. Because of this, when manufacturers find these errors, they normally create an update to fix the issue. Updating the software allows you to get these fixes and plug any holes that an attacker could use.
It also will ensure you have the latest set of security features. Sometimes additional features can be released after you’ve purchased the device.
Wrapping it up
Connected devices are becoming much more popular. Not only are they fun, but they can make life much easier. However, they need to be used smartly. If they also collect personal or sensitive information or are left unsecured, they could be putting your online security and privacy at risk.
Photo by Alex Knight on Unsplash
