14 Essential Steps To Take To Secure Household IoT Devices

From smart speakers that can answer research questions, turn on music and order pizza to appliances that can alert you when you’re low on milk, Internet of Things devices are making their way into more and more consumers’ homes. However, users may be more focused on all the helpful and fun things these devices can do than on how they need to be protected.

It’s important to remember that, just like any tech hardware that connects to the Internet, IoT devices exchange sensitive data and are targets for hackers. Consumers need to leverage best cybersecurity practices to defend each of their IoT devices. Below, 14 members of Forbes Technology Council share essential steps consumers should take to secure their IoT devices from malicious actors.

1. Ensure Each Device Has A Strong, Unique Password

The best way for consumers to protect IoT devices is by ensuring all device applications are secured with a strong, unique password. Consumers should avoid passwords based on easily accessible information such as an address or variations of “password.” “Passphrases”—such as “SANDWICH!bacon@mayo*”—are better. They’re easily remembered, but difficult for criminals to crack. – Damon Fleury, SpyCloud

2. Always Set Up MFA

The key to keeping your IoT devices safe and secure is to use multi-factor authentication. MFA ensures that the owner—not a hacker—inputs any significant changes to the software. If someone does manage to breach your device, they can’t do much without access to your phone, email address or authenticator code. – Thomas Griffin, OptinMonster

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?

3. Look For Devices With Top-Level Connectivity Protocols

Choose a device with a connectivity protocol that is secure by design, open and has a relatively low data throughput, such as LoRaWAN (long-range wide-area network). These inexpensive-to-implement, professional protocols are widely used in huge IoT installations and aim to connect billions of sensors and enable thousands of use cases that were previously cost-prohibitive. – Vitaly Kleban, Everynet

4. Keep The Firmware Updated

Updating your firmware is of utmost importance when it comes to IoT devices. It’s also vital to deactivate accounts for IoT devices that you no longer use—you don’t need that old Furby in your attic to be a vulnerable point that increases your attack surface. – Hari Ravichandran, Aura™

5. Research And Leverage Simple Digital Hygiene Practices

IoT devices are now part of our everyday lives, and consumers should make digital hygiene a priority. Learn simple ways to protect yourself, such as configuration basics for your home networks (including firewalls and routers), how to leverage settings that can limit how much data is exchanged with the outside world, and ways to make a hacker’s job harder (for example, using technology to manage multiple and stronger passwords). – Monica Hernandez, MAS Global

6. Don’t Pinch Pennies When Purchasing A Device

Most consumers are not security-aware. Do some training! You can find plenty of free online courses, and this will go a long way toward improving your habits. Additionally, it’s often said that “cheap doesn’t always equal good,” and this applies to security. Chances are that the super-cheap device you bought online is less secure than one from a solid provider. Would you buy a cheap lock online from an unknown manufacturer for your front door? – Georg Thingbo, Pexip

7. Connect IoT Devices To A Separate, Dedicated Network

I recommend moving IoT devices onto a separate network from everyday devices such as phones and laptops. This one step, combined with turning on security settings and updating software regularly, allows you to minimize risk. – Arjun Bhatnagar, Cloaked

8. Sign Up For Manufacturers’ Email Updates

Consumers should keep an up-to-date inventory of all of their IoT devices and sign up for email updates from the manufacturers. Similar to the recall procedure for an infant car seat, if exploitable security vulnerabilities are detected, the manufacturer should reach out with recommendations on how to proceed, whether that be to return or replace the device or install a software update. – Caroline Wong, Cobalt

9. Look For Manufacturers That Have Cybersecurity Bug Bounty Programs

Before purchasing, take a look at the website of the IoT device manufacturer to see if they have cybersecurity bug bounty programs. If they do, it means they take cybersecurity seriously and they have a channel to update your device when there are security issues. If they don’t, you may be on your own. – Christine Bejerasco, WithSecure

10. Make Sure You Understand How Companies Store And Use Your Data

The big question is, whom do you trust? All IoT devices have access to Wi-Fi, collect private data and even listen to what you are saying. As it was said in Netflix’s The Social Dilemma, “If you’re not paying for the product, then you’re the product.” I cannot agree more. Make sure you understand how companies store and use your data and then decide whether or not you need another IoT device at home. – Nadya Knysh, a1qa

11. Carefully Consider Whether You Need A Particular Device To Be IoT-Enabled

Be smart about the devices and your passwords. Also, be thoughtful about which devices you need to be IoT-enabled. What is the function of the device? If it is hacked, will it have a high impact on your personal life? Having your IoT-enabled baby monitor hacked has very different ramifications than having your IoT-enabled bird feeder hacked. – Guy Courtin, Tecsys Inc.

12. Value Long-Term Viability Over Cost

We are seeing government regulations, such as Europe’s Internet of Things Policy, providing increased awareness of consumer security and driving choices for reputable IoT vendors that prioritize longer support and update cycles over lower costs. As a consumer, you should choose longer-term viability over the cheapest option. – Shay Levi, Noname Security

13. Configure Firewalls And Routers To Block External Traffic

The most important thing users can do is ensure that there is no way to connect to their IoT devices from outside the home network. Ensuring that firewalls and routers are configured to block all external traffic will prevent hacks. – Michael Adler, N-able

14. Know The Security Difference Between Wi-Fi And Bluetooth Devices

Remember that IoT devices are not just household or industrial appliances. They are points of vulnerability and should be properly protected. Be sure to limit physical access to them, always check for firmware updates, change default credentials and don’t be afraid to purchase more expensive and secure hardware. Additionally, know that Wi-Fi-enabled devices have a higher level of security than Bluetooth-low-energy-enabled ones. – Pavel Orlov, Innowise Group