| Sarah MacReading |
|
Smart-home devices create comfort and convenience through the power of the internet, allowing you to tweak temperatures, view security cameras, flip on lights from across the couch or across the globe, and so much more. That type of connectivity is powerful, but it can also make you easy prey for digital thieves. As Theresa Payton, founder and chief executive of Fortalice Solutions, a cybersecurity consultancy firm, told us, “Every device connected to the internet is a target.” |
Because some smart-home devices are specifically designed to monitor us, taking precautions becomes essential. |
If you don’t protect your Wi-Fi network with a password, or you use the default password that came with your modem or router, all of your devices are exposed — the digital equivalent of leaving your front door wide open with a neon welcome sign overhead. |
“People need to realize there’s actually catalogs of all those default passwords on the internet,” Ms. Payton said. The solution though is dead simple: Lock your network down with a password, one that is unique and not shared with any other accounts you have. |
You can add another layer of protection by isolating your smart-home devices from your computers and smartphones by using a guest network, a second network that lives in parallel with your existing one and which is a common option you can enable with typical routers. |
“That way, the devices will be sort of quarantined by themselves,” said David Templeton, a former information security analyst at The New York Times and now a senior information security analyst at Red Hat, a software company. |
Never reuse a username and password combination. While doing so is convenient, if that combination is ever stolen from one service you use — a common occurrence, such as when companies like Yahoo, Marriott or Panera Bread get hacked — it will expose every service you have that uses it. |
The only solution is to use unique passwords for everything, including shopping sites you visit, services you use, your home network and each of your smart-home devices. Remembering such an encyclopedia of passwords is functionally impossible, so we suggest using what’s called a password manager (Wirecutter, a New York Times product review siote, recommends 1Password), a service that you access using an app or website and that not only creates unique passwords automatically but also keeps track of them across all your devices. You need to remember only one password combination to unlock the password manager, and it remembers the rest. |
Stick with reputable brands |
All of our security experts agree that it’s best to pick smart devices from established brands. Those companies have a reputation to protect, along with the technical infrastructure to back it up. They most likely have the ability to employ more thorough security measures when designing their products. And unlike no-name brands or many start-ups, you can reasonably expect them to release software patches and fixes if vulnerabilities are discovered (and eventually there are vulnerabilities with almost every product). Of course, we also recommend consulting a good source for reviews such as Wirecutter before making a purchase. |
Directly protect your devices |
When possible, use two-factor verification. Most devices in a smart home will offer this feature, so always use it when you can. |
Many manufacturers also allow you to opt into automatic hardware and software updates, something experts recommend to ensure the latest fixes get installed to address new security vulnerabilities. Make sure you check the settings section of your devices’ apps and your smartphone’s app marketplace for updates to devices that don’t automatically do this. |
While a popular worry among smart-home users is rightly the threat of hackers, another equally pressing concern is whether to trust the manufacturer itself. Signing into an app shouldn’t give manufacturers the right to secretly access or share your behavior, but it could give them access to a trove of data the device collects — things like email addresses, location information, and recorded audio and video. If you don’t have the time, check out a source like Wirecutter, which considers the (over) reach of privacy policies in its evaluation of various smart-home devices as part of its criteria. |
Before you agree to use an internet-connected device, it’s essential to understand what data you might be sharing, so read the terms and conditions of its privacy policy. It’s a daunting task, but Chris Hoose, founder and vice president of finance for the consulting firm Iconic IT, suggests looking for clauses that say what companies plan to do with your data, if and how they will contact you, how they plan to secure your data and whether you can opt out of these policies within the settings (many apps allow this). Some systems allow you to opt out of data sharing, while others don’t. |
There is mounting pressure on manufacturers to adopt better security practices, but we’re not quite there yet. |
“The industry should be using strong encryption wherever possible, verifying firmware updates and inviting security audits,” said Bennett Cyphers, a staff technologist at the Electronic Frontier Foundation. The foundation and organizations like the Digital Standard and the Mozilla Foundation are pressuring companies and government bodies to put stronger practices in place. |
For now, experts agree that consumers need to be proactive. |
“Given where we are and how businesses think about security and privacy, the onus is on you,” Ms. Payton said. “Nobody can look out for your security and privacy like you can for you and your family.” |
From our friends at Wirecutter |
|