Pay attention to your IoT Device Security
Wow cool! A device that lets you know, via Internet, when your milk is beginning to sour! And a connected thermostat—turning the heat up remotely an hour before you get home to save money…and “smart” fitness monitors, baby monitors, watches…
Slow down. Don’t buy a single smart device until you ask yourself these 10 questions. And frankly, there’s a lot of effort in some of these questions. But, security isn’t always easy. Check it out.
- Was the company ever hacked? Google this to find out.
- If so, did the company try to hide it from their customers?
- Review the privacy policies and ask the company to clarify anything—and of course, if they don’t or are reluctant…hmmm…not good. Don’t buy a device that collects data from vendors that fail to explain data security and privacy.
- Does the product have excellent customer support?
- Is it hard to get a live person? Is there no phone contact, only some blank e-mail form? Easily accessible customer support is very important and very telling of the product’s security level.
- Does the product have vulnerabilities that can make it easy for a hacker to get into? You’ll need to do a little digging for this information on industry and government websites.
- Does the product get cues for regular updates? The manufacturer can answer this. Consider not buying the device if there are no automatic updates.
- Does the product’s firmware also automatically update? If not, not good.
- Is the Wi-Fi, that the device will be connected to, secure? Ideally it should be WPA2 and have a virtual private network for encryption.
- Will you be able to control access to the product? Can others access it? If you can’t control access and/or its default settings can’t be changed…then be very leery.
- What data does the device collect, and why?
- Can data on the device traverse to another device?
- Ask the gadget’s maker how many open ports it has. Fewer open ports means a lower chance of malware slithering in.
- Is stored data encrypted (scrambled)? If the maker can’t or won’t answer this, that’s a bad sign.
- Ask the manufacturer how the device lets you know its batteries are low.
Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention