Connected or “smart” devices are fun and convenient—but they can gather and transmit sensitive information about your life and family. Here are steps you can take to maintain household security.
As home automation enthusiasts rush to connect digital devices — a video doorbell, a wireless home security kit, a set of Wi-Fi lightbulbs — they are helping build a new ecosystem of convenience, safety and efficiency. That ecosystem is the Internet of Things (IoT), the burgeoning global network of connected “smart” devices. Within five years, the Internet of Things may comprise more than 41 billion internet-connected objects.1
For consumers, these devices already have elevated household conveniences and services to futuristic heights. Think sensor-based home-monitoring and communications systems, energy-efficient automated appliances, always-on virtual assistants and self-driving automobiles.
Each device connected to a network, however, is also an endpoint that criminals can exploit. And research shows they are doing just that: One study found that 29% of businesses experienced a data breach caused by an unsecured IoT device in 2019 — a number that has doubled since 2017.2
But the problems are not just a function of cyber criminals and insecure devices. Many consumers don’t take responsibility for device security and unwittingly open themselves to compromise.
For instance, smartphone users often grant broad access to their device’s location services, camera, microphone, contacts and calendar — without considering whether these permissions are legitimate and how the data they generate will be secured. By providing this access, users may unintentionally open access to additional data on the device, including very sensitive information like system credentials, credit card numbers and contact information for colleagues, clients, friends and family.
Simple ways to protect your home and its devices
Smart security begins with an assessment of the devices that constitute your personal or family digital footprint. It’s a good idea to make a list of IoT devices in use, how they
connect to the internet and what data they generate and share. All this will help you determine potential cyber security vulnerabilities.
Some devices, like Wi-Fi videocams and car navigation systems, have been subject to highly publicized hacks. But the full spectrum of potential vulnerabilities doesn’t always make the news.
Smart devices may collect data about your personal life, dwelling, habits or financial accounts. This may refine their performance and make them easier to use, but if the devices remain in public access mode, all this information may end up on the internet, where advertisers may harvest it to expand your consumer profile. This may result in an increase in unwanted pop-up ads as you browse the internet.
Cyber criminals also use personal information to launch social-engineering campaigns, in which they use information gathered about individuals to craft communications that look legitimate but are actually scams.
The risks associated with revealing personal information online demonstrate why it’s important to review any device’s security capabilities. Find out what data is collected, how it is protected and what sharing lists are selected. Explore the product’s security and privacy settings to find out what data-generating features can — and should — be switched off. Also review the IoT device’s privacy settings to make sure you are not unintentionally sending device information to unintended locations, such as your social media accounts.
If you’re purchasing more robust equipment like wireless routers and tablets, find out if the latest security features are included. It is also important to know whether or not those standards can be updated as the technology evolves. The best security can provide powerful encryption and protection against attacks designed to compromise user credentials.
8 IoT Security Tweaks
These tips may help you safeguard your IoT devices and data, while also limiting your digital footprint:
1. Create and maintain an inventory of home IoT devices and applications.
2. Consider maintaining IoT devices on a separate network from your computers, tablets, and phones.
3. Regularly update all device software. If available, turn on automatic updates.
4. Use your router’s network configuration tool to see what devices are attached and disconnect unknown or suspicious devices or connections.
5. Change your router’s default password and its network name (SSID).
6. Create strong passwords for devices, and change user and object names.
7. Create a Wi-Fi guest network.
8. Enable encryption on your router.
Stay connected, stay protected
To help keep your account information safe and secure during this period, make sure your contact information is up to date and set up security and account alerts (deep link) so we can stay in touch. Remember, if we need to reach out to you, we’ll NEVER ask for personal or financial information or an access code through email, text or unsolicited calls. Visit our Security Center or the Federal Trade Commission’s Coronavirus Scam Tips for tips on how to recognize potential scams and learn more about how to keep your accounts safe.
1.866.706.8321
9am - 9pm Eastern, Monday - Friday
1 IDC, “The Growth in Connected IoT Devices Is Expected to Generate 79.4ZB of Data in 2025, According to a New IDC Forecast,” June 18, 2019.
2 Ponemon Institute and Shared Assessments, A New Roadmap for Third Party IoT Risk Management, June 2020.
Neither Bank of America nor its affiliates provide information security or information technology (IT) consulting services. This material is provided "as is,“ with no guarantee of completeness, accuracy, timeliness or of the results obtained from the use of this material, and without warranty of any kind, express or implied, including, but not limited to warranties of performance, quality and fitness for a particular purpose. This material should be regarded as general information on information security and IT considerations and is not intended to provide specific information security or IT advice nor is it any substitute for your own independent investigations. If you have questions regarding your particular IT system or information security concerns, please contact your IT or information security advisor.
