Securing Internet of Things (IoT) Devices at Home

Devices considered to be part of the Internet of Things (IoT) include printers/copiers, cameras, thermostats, refrigerators, alarm systems, medical devices, streaming systems, smart speakers, smart TVs, workout equipment, and more.

IoT devices can collect a lot of data about our organization or your home, sometimes without the device manufacturers informing you what is being collected or retained. This can leave your data or University data vulnerable to exposure in the event of data breaches affecting the manufacturers and others they may share your data with. It can give attackers access to personal information, enable attacks against other devices on the network, enable attackers to store, access, or transmit University data they are not authorized to access, and more.

Securing your IoT devices is an important step in protecting data, resources and privacy. IoT devices require additional steps prior to connecting to the network as well as continuous monitoring while connected.

Best Practices for IoT Devices

Many best practices for securing IoT devices are the same as those you should follow for laptops, tablets, or smartphones. Some of the most common actions to take for securing your IoT devices include:

Review or change your settings and privacy

  • Review the privacy and security settings. Choose security and privacy settings you are comfortable with. Don't just accept the default settings, which sometimes share more information with the manufacturer. Prioritize your privacy.
  • Change the "wake" word that activates your device. Change the wake word to something unlikely to occur in everyday conversation and that visitors will not know. Be aware that devices can hear sounds through residence hall or apartment walls and through windows. You can change your word from “Alexa” to something unique and more secure.
  • Disable features you don’t use. Turn off the microphone and camera or mute the device when you aren’t using it. Turn off voice purchasing if not needed, or set a purchase password to prevent inadvertent or unauthorized purchases.
  • Consider blocking incoming voice and video calls. This prevents others from dialing in and listening in.
  • Review the privacy policy. Check with your device manufacturer for this and become familiar with it.

Keep your device secure and up to date

  • Use two-factor authentication. Protect the account used to administer the device (for example, the Google or Amazon account) by enabling two-factor authentication if it is offered.
  • Keep software and devices up-to-date. Regularly check for and install software and firmware updates. Enable auto updates where available.
  • Set a strong, unique password for each device and service. Immediately change default passwords that come with the device. Set a different password for each device and service.
  • Erase stored recordings. On a regular basis, erase or delete recordings that your device may have saved (for example, voice commands). Consult the user manual to check whether your device stores data and how to erase that data.

Use trusted networks and apps

  • Connect the device to a trusted network. A trusted network would include a home or campus network. Make sure to secure your home network by setting a strong password.
  • Be careful about which accounts you connect to your device. Avoid connecting accounts with sensitive information. Disconnect accounts when no longer needed. An example is your credit card or banking information if shopping using an IoT device.
  • Use caution when connecting third-party extensions. Be aware of the personal information you are sharing with them.
  • Do not connect a debit card to a device. Only a credit card will shield you from full liability for fraudulent purchases. Debit cards do not offer the same protections; it is best not to use them for online purchases.

Privacy Settings Help Links for Personal Assistants

A common Internet of Things device in the home is a smart home speaker such as the Amazon Echo, Apple HomePod, or Google Home. Links to their privacy and security documentation are provided below. For other products, check the product documentation or search online.