Pay attention to your IoT Device Security

Wow cool! A device that lets you know, via Internet, when your milk is beginning to sour! And a connected thermostat—turning the heat up remotely an hour before you get home to save money…and “smart” fitness monitors, baby monitors, watches…

Slow down. Don’t buy a single smart device until you ask yourself these 10 questions. And frankly, there’s a lot of effort in some of these questions. But, security isn’t always easy. Check it out.

• Was the company ever hacked? Google this to find out.
• If so, did the company try to hide it from their customers?
• Review the privacy policies and ask the company to clarify anything—and of course, if they don’t or are reluctant…hmmm…not good. Don’t buy a device that collects data from vendors that fail to explain data security and privacy.
• Does the product have excellent customer support?
• Is it hard to get a live person? Is there no phone contact, only some blank e-mail form? Easily accessible customer support is very important and very telling of the product’s security level.
• Does the product have vulnerabilities that can make it easy for a hacker to get into? You’ll need to do a little digging for this information on industry and government websites.
• Does the product get cues for regular updates? The manufacturer can answer this. Consider not buying the device if there are no automatic updates.
• Does the product’s firmware also automatically update? If not, not good.
• Is the Wi-Fi, that the device will be connected to, secure? Ideally it should be WPA2 and have a virtual private network for encryption.
• Will you be able to control access to the product? Can others access it? If you can’t control access and/or its default settings can’t be changed…then be very leery.
• What data does the device collect, and why?
• Can data on the device traverse to another device?
• Ask the gadget’s maker how many open ports it has. Fewer open ports means a lower chance of malware slithering in.
• Is stored data encrypted (scrambled)? If the maker can’t or won’t answer this, that’s a bad sign.
• Ask the manufacturer how the device lets you know its batteries are low.