Go Smart Safely

Smart home devices (sometimes called ‘Internet of Things’ or ‘IOT’) contain miniature computers that connect through your home network to the internet. With smart connected devices such as smart speakers, smart TV’s, smart bulbs, security cameras and even things like smart toothbrushes, kettles, toasters and fridges, there is a growing amount of internet connected devices in our homes. Just like a laptop or PC, smart devices can be hacked into giving the attackers access to your home network, and your data and privacy is at risk. Rare cases of smart devices like cameras being used as baby monitors have proven to be frightening for those involved.

Go Smart Safely

Build security into your buying habits by asking questions around the security of a device before you buy it.  You wouldn’t buy a car without a seat belt because it is a safety concern for you and your family, it's time to think about safety of your smart devices in the same way. Key things to think about before buying a smart device can be:

  • Do I trust the manufacturer?  (Are they reputable and have a good security and privacy policy?)
  • Can the device receive automatic updates to keep it secure?
  • How long will the device be supported with software updates for?
  • How is access to the device controlled?  Is it just a username and password, or is 2 Factor Authentication an option?

Follow these tips in order to better secure your devices:

  • Ask about security before you buy - By asking suppliers and seller about these features then the manufacturers are more likely to include them. Mobile phones are a great example of how people power changed the security on these devices.
  • Secure your user accounts - Set strong passwords using three random words, the longer the better. A strong password is especially important for your primary email account as you will likely use it as a “username” for lots of online services.
  • Change factory set passwords - Some devices may be pre-configured with insecure default usernames and passwords (e.g. “admin” and “password”).  Cyber criminals can easy find out what the default username and password is for your device, so you should change them as soon as you start using the device. 
  • Use different passwords for different devices - Don’t use the same, or similar passwords for the different smart devices you own. If one device is compromised, it could put all other devices at risk as well.
  • Enable 2FA for all services which offer it. More information on 2FA and how to set it up for popular services can be found on the NCSC’s Two Factor Authentication article.
  • Software and Apps - Only download software from trusted sites and official app stores so you can be sure of its authenticity.  Downloading software from other sources can inadvertently download malicious software which can run in the background without your knowledge.
  • Keep device software up to date – Smart devices still have software on them so you can control them which is normally called Firmware. If automatic update feature are available you should enable it on all devices, if not, check regularly for updates so you get the latest security fixes and also the latest feature updates.
  • Trusted manufacturers - Only purchase devices from reputable brands that you trust.  Some smart devices available on the internet come from pop-up style companies and may be more open to vulnerabilities as a result, they also may not be as safe to use because they don’t meet international safety standards. 
  • Turn your router’s Firewall on - Most internet routers come with a built in firewall.  It's worth researching if your router has a firewall feature built into it and make sure it is turned on.
  • Keep smart devices separate - Consider setting up smart devices on a separate network so that they are kept separate from devices that store private data, such as your PC.  Most home routers will have a “Guest” Wi-Fi network which would keep devices separate from your ordinary network.
  • Select appropriate privacy options for each app on your device’s settings or in the app itself.  You should only ever allow an app to access what it needs to perform the way in which you need to use it. 
  • If a device is no longer supported by the manufacturer, replace it with one that is.
  • Getting rid of your device - If you decide to sell, or pass it on to someone else, you should first perform a factory reset. This will return the device to its original settings, and remove all your personal data from the device. Check the manufacturer's website if you need help on how to do this for your device.

Resources

Smart devices: using them safely in your home - NCSC.GOV.UK

'Smart' security cameras: Using them safely in your home - NCSC.GOV.UK

Guidance for buying & selling second-hand devices - NCSC.GOV.UK