Documents in Portable Document Format (.PDF) require Adobe Acrobat Reader 5.0 or higher to view. Download it now.
FDIC-Insured - Backed by the full faith and credit of the U.S. Government
Enterprise Bank
Online Banking
Enroll Now | Forgot password or PIN?
HomeResources

Smart Home Security

Smart Home Security: Preventing a High-Tech Home Invasion

 

Over the last few years, the popularity of smart home devices has exploded. The average US household has more than two smart tech devices, which can include smart speakers, smart thermostats, smart doorbells etc. These devices are designed to make life simpler, and they do in many ways. However, they also add at least one complexity to everyday life - the need for additional security measures.

Smart home devices are just that - smart. They have the ability to listen and respond, which is what makes them so helpful. Their responses are fueled by technology and information that is pulled into your home over the Internet. Internet access points are additional entryways into your home that must be secured.

Open to the Elements

Think of Internet access points as doors or windows on your house. If you add a new door, for example, you'll want to make sure you can close it and lock it, right? For that to happen, it needs to be a good-quality door that is correctly installed. You'll want to use the appropriate locks, hinges, weather stripping etc. If not, the door will fail to keep the elements out and won't protect your home and your belongings from malicious actors.

The door also needs to be well maintained. If it falls into disrepair and doesn't close or lock properly, it will eventually be unable to effectively secure your home. Lastly, your door needs to be used properly. If you leave it wide open, anyone or anything can get into your home, including cold air, thieves, bugs, rogue animals, etc.... you get the picture.

The same rules apply to smart home, smart tech, or Internet of Things (IOT) devices. Proper procurement, installation, maintenance, and use are essential to ensuring security. Below are a few suggestions for keeping your smart home secure:

Proper Procurement

This is an important foundational step. You need to buy high-quality smart home devices from reputable companies. Off-brand items from questionable entities likely do not offer the kind of security settings and maintenance support you need to help keep your device secure and your home safe.

Intelligent Installation

Proper set up/configuration is key to suitable installation. When installing a smart device, don't blindly accept the initial settings. Devices come with preset or default settings. Often these are at the lowest possible security level because that makes set up faster and easier. While that can speed up the installation process, it may leave you open to security vulnerabilities later on. Investigate what security and privacy settings are available. A few hints here:

  • Extra Authentication -- Some devices may allow for two-factor authentication, but don't usually default to that setting. You have to choose it. Two-factor authentication creates a two-step process for logging in, requiring a username and password combination, plus additional proof of your identity. This can be a fingerprint, facial recognition, a security token or a separate security PIN. The extra step makes it much more difficult for cyber attackers to hack your device and is well worth the small amount of extra effort on your part.
  • Mind the PII - Many devices will request your Personally Identifiable Information (PII) during set up. PII is defined as data that can identify you, such as your birthdate or social security number. It is not usually necessary to enter PII into your device in order to use it. If the device you are using requires PII, you may want to consider a different model. Once you disclose PII you have little-to-no control over where it goes or with whom it is shared. If it gets into the wrong hands, your personal security and even identity could be at risk.
  • Router Security - Your smart device will either connect directly to the internet via an app or it will use your router to gain internet access. If the latter, be sure you secure your router effectively by following these steps:
    • Beef up your credentials. Your router requires an admin password to access settings and you have a wireless network password to access the wireless. Both need to be challenging passwords that follow proper password protocol. Never leave them on the default settings.
    • Enhance your encryption. Set your router to Wi-Fi Protected Access II (WPA2) or WPA3, which are the strongest encryption settings.
    • Maintain your firmware. Firmware is the software that controls your router. Be sure your router is still supported by the manufacturer, who should be pushing out regular updates. Many routers update themselves. If yours does not, you can learn how to conduct manual firmware updates on the support website or documentation for your router.
    • Disable insecure or unused features. Turn off the features you shouldn't use, such as Universal Plug and Play (UPnP), which allows remote access to your router. Malware can use UPnP to infect your devices. You should also disable Wi-Fi Protected Setup (WPS). This is another feature that exists to make setup easier, but is very easily compromised and not worth the risk.

Preventative Maintenance

Proper maintenance means staying vigilant about the functionality of your devices. Anything that uses software -- from your burglar alarm system to your printer - requires support and maintenance.

  • Update Regularly - In addition to the aforementioned firmware updates on your router, you need to be sure you are keeping all of your devices updated. Software updates are about much more than just new feature developments. They provide security patches that can help prevent the latest cyberattack methods. Since cyber attackers are constantly evolving their tactics, software security must respond in kind. That is why software updates on all of your devices are so important. Some devices are self-updating. Others have associated apps which will alert you when updates are available.
  • Stay Supported - Make sure your devices are still supported by the manufacturer. A supported device will have regular software updates available. However once device support is discontinued, that device is no longer updated to guard against the latest hacking methods. Software manufacturers are required to send out notices when they discontinue support. However, users often ignore these notifications, so you may have to manually check. If you have a device that is no longer supported, it is best to trade it in for a newer model.

Responsible Usage

The security of your smart home device is at the mercy of its users. Careless usage of any device will result in security issues. A few things to keep in mind:

Mind the PII (again) - After a device is set up, there will likely be other instances where personal information is requested. This can happen after software updates are completed or when new applications and modules are added. Do not blindly supply personal data in any instance. Be sure it is truly needed before you send it out into the ether.

Secured and Separate WiFi - Never connect your smart device to an open or public WiFi. These networks have very poor security protocols. Additionally, it's wise to put your smart home devices, such as doorbells, thermostats, webcams, etc. on a WiFi network that is separate from the one you plug your computer into. This provides an added layer of security, so if one network is breached you will still have items on a separate network that have not been compromised. You can accomplish this by creating a guest network on your router, in addition to your regular WiFi.

Retiring Devices - When you retire a smart device, it is important to be sure all of your information is wiped before selling it or disposing of it. Smart home devices store a wide variety of data about you, including information about your WiFi network and other devices connected to it. Find the instructions for your device that explain how to perform a factory reset. You will also want to "unlink" your device so it is not connected to anything related to you.

Summary

In summary, effective smart home security boils down to a responsible, pragmatic approach regarding your devices.

  • Procure Properly - Buy from a reputable manufacturer.
  • Install Intelligently - Setup your device securely to avoid problems down the road.
  • Maintain Preventatively - Keep your systems updated to ward off cyberattacks.
  • Use Responsibly - Engage with your smart devices mindfully. Once data is shared, it is no longer your own.