6 Important Steps to Secure IoT Devices During Setup

6 Important Steps to Secure IoT Devices During Setup

If the 2010’s were the decade of cloud technology, then the 2020’s are going to be known by an explosive growth of IoT devices. 

The Internet of Things (IoT) has been growing steadily and is about to see an explosion thanks to faster connections and better multi-device handling being enabled by both Wi-Fi 6 and 5G.

The number of IoT devices is projected to grow nearly 2.5x between 2020 and 2025 to reach 75.44 billion globally.

Business use of smart, internet-connected devices has also been growing, with companies realizing the time-saving and collaborative benefits of a variety of IoT technologies designed for business use. 

Some popular office smart devices include:

  • Smart locks and keypads
  • Smart security camera
  • Smart lighting
  • RFID tags and barcode readers
  • Smart vending machines
  • Cloud-connected white boards
  • Smart sensors

As networks get more saturated with IoT devices, an important consideration when adding these new connected tools is how they’ll impact your network security.

How to Properly Secure Smart Devices

In 2019, cyberattacks on IoT devices rose 300%. This is a trend we’ll continue to see as hackers try to exploit these devices, and through them, hack into other devices and computers on the same network.

There are multiple stories online about home security cameras in Toronto and other Canadian cities being hacked, and those same smart security systems are also used in offices throughout the country and can be hacked just as easily if they’re not secured.

Anything that connects to the internet can be hacked but taking precautions as you’re going through the IoT device setup process can significantly reduce the risk a device adds to your technology infrastructure.

Following are the steps you should take during the IoT setup process to secure your smart device against unauthorized access.

Change the Default Username & Password

A surprising number of users leave the default password in place on IoT devices when setting them up. They either think that an admin may want to be the one to set the password or they tell themselves they’ll change it “later.”

But it only takes a moment for a hacker to use that default login to gain access and then set themselves up for continuous assess. Hackers have posted extensive lists online containing smart device manufacturer default passwords.

You want to immediately change the default username and password used to log into the device, and ensure you use a strong password. If an administrator wants to change it to something else, they can always do that at a later time.

Change the Device Name

When you’re looking at a list of devices connected to a network, they’ll be designated by a specific name. The default is usually the brand name and model number of the IoT device.

That type of information can make it easy for a hacker to reference any known device vulnerabilities. So, you’ll also want to change this and ensure it’s not giving too much information away (i.e. don’t’ use an office address). Use a name that means something only to your office (like “yellow device”) but won’t give a hacker too much information about your device or business.

Review Privacy Settings

A term for inadvertent sharing of information from an app is “data leakage.” This often happens when a user leaves privacy and data sharing settings at their defaults, not realizing that the manufacturer’s defaults include sharing your usage data with them.

Make sure to review all privacy and sharing settings and turn off any that are sharing data that you never intended the manufacturer to have access to.

Turn Off Features You Don’t Need

IoT devices will sometimes come with features that you don’t really need, like remote access. Often these features include a level of risk that’s unnecessary if you don’t even use the feature.

It’s best to review all features offered by a device and turn off any that you aren’t using. You’ll want to default as many as possible to off, as you can always turn something back on later if you find you need it.

Disable Universal Plug and Plan (UPnP)

One particularly dangerous feature that makes a device vulnerable to attack is UPnP. It’s designed to make it easier to connect devices on the same network, by allowing them to discover each other automatically. But unfortunately, UPnP also makes it easier for hackers to discover devices on your network. It’s a good idea to turn this off and seal this vulnerability.

Update Apps and Firmware

Often in the time that a smart device was manufactured, shipped to the retailer, and sitting on a shelf waiting to be purchased, a security update has been issued. 

Make sure that you check for and install any security updates for your device’s firmware or the mobile app that controls it to safeguard against any found vulnerabilities that have been patched. Then, just as you regularly update computer software, regularly check for IoT device updates as well to keep your network secure.

Get Full-Coverage Network Security with Haxxess

Today’s business networks are growing in size and the number of devices that are connected to them. Work with Haxxess to ensure your entire network, including smart devices, is protected from intrusions.

Contact us today to schedule a free security consultation! Call 705-222-8324 or reach out online.

stay in touch

Subscribe to our newsletter and we'll keep you informed about latest IT news.