January 8, 2020
National Cyber Awareness System:
Secure New Internet-Connected Devices
12/31/2019 01:44 PM EST
Original release date: December 31, 2019
During the holidays, internet-connected devices—also known as Internet of
Things (IoT) devices—are popular gifts. These include smart cameras, smart
TVs, watches, toys, phones, and tablets. Although this technology provides
added convenience to our lives, it often requires that we share personal and
financial information over the internet. The security of this information,
and the security of these devices, is not guaranteed. For example, vendors
often store personal information in databases, which may be vulnerable to
cyberattacks or unintentionally exposed to the internet. Information breaches
or leaks can enable malicious cyber actors to engage in identify theft and
phishing scams.
The Cybersecurity and Infrastructure Security Agency (CISA) recommends users review CISA Tips on Securing
the Internet of Things, Preventing and Responding
to Identity Theft, and Avoiding Social Engineering
and Phishing Attacks, as well as the following steps to make IoT devices more secure:
Use
multi-factor authentication when available. Many manufacturers
offer users the option to protect accounts with multi-factor
authentication (MFA). MFA adds another layer of security and can
significantly reduce the impact of a password compromise because the
malicious cyber actor needs the other factor—often the user’s mobile
phone—for authentication. See Supplementing
Passwords
for more information.- Use
strong passwords. Passwords are a common form of authentication and are
often the only barrier between you and your personal information. Some
internet-enabled devices are configured with default passwords to
simplify setup. These default passwords are easily found online, so they
don’t provide any protection. Choose strong passwords to help secure
your device. See Choosing and
Protecting Passwords for more information.
- Evaluate
your security settings. Most devices offer a variety of features that you can
tailor to meet your needs and requirements. Enabling certain features to
increase convenience or functionality may leave you more at risk. It is
important to examine the settings—particularly security settings—and
select options that meet your needs without putting you at increased
risk. If you install a patch or a new version of software, or if you
become aware of something that might affect your device, reevaluate your
settings to make sure they are still appropriate. See Good Security Habits for more information.
- Ensure
you have up-to-date software. When manufacturers become aware of vulnerabilities in
their products, they often issue patches to fix the problem. Patches are
software updates that fix a particular issue or vulnerability within
your device’s software. Make sure to apply relevant patches as soon as
possible to protect your devices. See Understanding Patches for more information.
- Connect
carefully. Once
your device is connected to the internet, it’s also connected to millions
of other computers, which could allow attackers access to your device.
Consider whether continuous connectivity to the internet is necessary.
If it isn’t, disconnect. See Home Network Security for more information.
