A Cybersecurity Guide to Purchasing IoT Devices This Holiday Season
We are now well into the holiday season, which means that many of you will be shopping for gifts if you already haven’t snagged Black Friday or Cyber Monday deals. With many of this year’s hottest items being consumer technology products like the iPhone X, smart watches, and an assortment of smart devices, you’ll need to know how to stay safe when integrating these products into your life. Continue reading as we go over the details you should consider before purchasing a new piece of tech for yourself, your friends, or your family.
Internet-Connected Devices and Cybersecurity
Whenever buying new tech, before heading to the checkout, you should understand a bit about the device in your shopping cart. More often than not, it’ll be an internet-enabled device, but is it an always-on Internet of things (IoT) device, or is it a device that selectively connects to the internet? Depending on the security settings offered by the device, the latter can be much safer to use than the former. Unfortunately, many consumers fail to understand this difference and why it’s significant.
IoT devices, also called smart devices, have become far more abundant in recent years, despite the fact that many consumers do not have a detailed understanding of what these devices are or what they do. It’s true that no one needs to understand the underlying technology behind the IoT in order to benefit from the convenience that smart devices provide; however, in order to secure these devices, consumers absolutely do need to have some level of tech savvy.
The first thing consumers purchasing a smart device, which can be anything from smart light bulbs to smart refrigerators, should know is that these devices are internet-connected, but unlike laptops or smartphones, they’re usually permanently online since accessing the internet is critical to the functioning of these devices. Why are these devices always online? The IoT is an entire hub of machines constantly giving each other minute-to-minute feedback for your convenience. For example, a smart thermostat, like Nest, can use the internet to connect to your phone or car’s GPS and determine if you’re driving home so it can adjust the temperature to your liking before you even open the garage door. While this is pretty amazing, the dark side is that devices that are online more often have a greater likelihood of being hacked. That’s because many IoT devices have security vulnerabilities ranging from improperly encoded security functions to an absence of security options altogether. It was devices like these which were weaponized in last year’s Mirai hack, which took out major portions of the web. What’s worse is that this year, security researchers have indicated that they might now be seeing the beginnings of an even worse threat taking advantage of weak IoT security. In addition to these security concerns, some companies in the IoT industry have been accused of being lax with privacy.
Despite this, the IoT market shows no signs of slowing down, with manufacturers putting everything—appliances, coffee makers, toasters, light bulbs, and even toys—online. What this means for you is that it’s getting harder to simply opt out of IoT. If you’re not paying attention, you might inadvertently purchase one of these devices in lieu of its non-smart or “dumb” equivalent. Going forward, you’ll have to make a choice. Are you going to buy smart products or avoid them? If you’re avoiding the IoT ecosystem entirely, make absolutely sure that whatever you’re purchasing has no internet connectivity. To do this, you’ll need to read product descriptions thoroughly.
Things to Consider Before Purchasing an Internet-Connected Device
It is worth noting that, although IoT devices do have security issues, not all of them are vulnerable. With that in mind, if you do decide to shop for these devices, you’ll need to be aware of the following things.
Who’s the manufacturer?
When purchasing smart products, you’ll want to look for the name of the manufacturer. Typically, more reputable companies like Google, Apple, Samsung, and Amazon tend to take IoT device security very seriously because they have reputations to protect. But for other companies, internet functionality and security for their devices might be an afterthought, and thus, these devices could endanger your privacy or cybersecurity. Once you’ve identified a product’s manufacturer, you should research them, especially if you’re unfamiliar with them. Look into their existing product lines to see if you notice any negative trends. Ideally, you should do this research before you go shopping, so you can steer clear of any tempting deals on products that might not be as secure as you’d like.
What security settings does the device have access to?
It’s often not enough to research a product’s manufacturer. You’ll want to take a look at the security and privacy settings of a device before you purchase it. You can gauge this by asking yourself a few questions. For example, can you change the device’s password, or is there none at all? Is data transmitted from the device encrypted? Do you have control over the types of data collected and transmitted? By finding the answers to these question—most of them you can simple Google—you’ll be able to get more information about the device’s security.
Will your device receive regular updates?
Technology updates are the lifeblood of a good cybersecurity defense. As hackers develop new techniques, and as new vulnerabilities are discovered, devices need to be continually patched in order to remain secure. Some manufacturers, unfortunately, don’t provide regular updates for their products. You should avoid these products at all costs, as not only could they damage your own home network if they’re hacked, but they can be used in DDoS attacks, which make the internet worse for everyone. Finally, supporting manufacturers that don’t regularly update their devices encourages bad behavior and sets back global cybersecurity.
Beyond software updates, you’ll also want to keep in mind that if the manufacturer goes out of business or discontinues service, your product might stop working. There are many cases of IoT products becoming useless after companies suddenly end support for them. This makes it all the more important to buy from reputable companies that make good products and will be around for a while.
Concerned about privacy? Read the manual and terms of service
While it can be hard to learn about the privacy implications of certain devices, you should take a look at the manufacturer’s website to see if you can look at its terms of service and privacy terms. These should detail what constitutes collected data, where data goes, how it’s used and stored, and whether or not you can request your data to be deleted from company servers.
The holiday season comes with the spirit of giving. While you may be tempted to give your loved ones all the devices to make their house smart, you’ll want to make sure you’re not giving them a cybersecurity nightmare. For more information on staying safe while using connected gadgets, keep reading our Internet of Things blog.
This article was orginally published on NextAdvisor.com.
The ChannelPro Network is dedicated to providing IT consultants, VARs and MSPs who serve the IT needs of small and midsize businesses (SMBs) the news, insights, resources and best practices necessary to help them grow their businesses and better serve their SMB customers.