How to protect your smart home

The Smart Home is incredibly convenient.

It gives us the capability to remotely control the lights and temperature of our home, lock and unlock doors, turn on or off the television and interact with our house in a whole new way.

But that doesn’t mean we are necessarily smart about our home.

Canadians like to be connected, but recent research indicates we are largely unaware of the threats posed by connecting our lives to the digital landscape. Last fall, ESET surveyed 2,000 Canadians on the Internet of Things (IoT), their connectivity and their knowledge about protecting themselves from risk.

The results are concerning.

While we happily carry devices in our pockets that can access the wealth of human knowledge, we could do with some education on how we can make sure our personal information is secure. Nearly eight in 10 Canadians say they have up to 10 connected devices in their homes, but 28 per cent say they have no concerns about cybercriminals accessing their home network, and another third admit they don’t know if they should be concerned.

The reality is we should be concerned, and there are steps we should all be taking to secure our home networks.

Secure your router

At the heart of your smart home — and your first line of defense — is your router. It not only provides the Wi-Fi on which all of your other connected devices depend, it is also the gateway through which all of your data traffic and information passes.

Ironically, the wider variety of functions your router has, the greater the risk that it can be compromised.

The first thing you should do with a new router is set a personalized username and pick a strong and unique password — a minimum of 10 characters, with a mix of lower- and upper-case letters, numbers and symbols.

It seems obvious, but 25 per cent of Canadians have not changed the password on their router from the factory setting, and more than a third aren’t sure if they have or not. This is a must.

Update firmware

Firmware is the system that makes all of your IoT devices and router do what they are supposed to do. But while the operating system in a computer or smart phone is likely to update automatically, that is not the case for all IoT devices. Every connected device has firmware, and you should be checking the websites of your devices regularly for updates.

Recently, ESET researchers discovered Kr00k, a defect that made more than one billion connected devices around the world vulnerable to a cyberattack. In most cases, a firmware update will address the defect, but people should check with their manufacturer to make sure all of their devices are running the latest firmware.

Establish internal networks

Use the feature on your router to set up different networks and organize your devices into different segments to protect threats.

Separate the elements of your smart home — like connected cameras, thermostat controls and doorbells — from those devices likely to contain your most sensitive data, such as your mobile phone and laptop or tablet.

It is also strongly suggested to reserve a network for guests to your home — after all, after exchanging pleasantries one of the most common questions asked is your Wi-Fi key.

Regularly audit router use

Once you have created your networks, keep an eye on them. Take the time to create personalized names for each connected device (for example, “Living Room TV;” “Mom’s Mobile Phone;” etc.) and check regularly to see what is connected.

If there are names or devices you don’t recognize, it could be your network has been compromised and corrective action is required.

Protect your devices

The number of devices included in the IoT is large, and even your Smart TV, thermostat, connected fridge or Wi-Fi toilet could be the weak point for a cyberattack. Our survey found only one in five Canadians are concerned about a cyberattack through their television, but the TV can be a valuable data-collection tool for cybercriminals — and TV manufacturers.

When you are setting up and connecting an IoT device, configure it to limit the information you allow the manufacturer to collect.

Without question, smart homes have made our lives more convenient; but cyber security should not be sacrificed for that convenience. We need to be educated about how our IoT devices interact with our home, and how they may be vulnerable to an outside attack.