Back

Understanding the Risks of the Internet of Things (IoT): Smart Device Security Essentials

First Republic Bank
July 29, 2022

  • Smart devices may be convenient, but they present a variety of security risks due to lack of regulation.
  • Security risks of smart devices and the Internet of Things (IoT) range from stolen credentials to compromised devices.
  • Many IoT risks can be mitigated by choosing strong, complex and unique passwords and updating them regularly, as well as manually activating enhanced security features and updating both software and firmware.

Smart devices have skyrocketed in popularity in recent years. Popularity, however, does not equate to security.

Smart technologies, which range from home security cameras to kitchen appliances, are often lauded for their convenience. But while they can be useful, they’re beholden to few federal regulations, often leading to weak security features (if any). This poses major risks to consumers and businesses alike.

We’ll discuss these risks (and how to mitigate them) after first exploring the definitions of “smart device” and “Internet of Things” to provide vital context.

What are smart devices?

There’s no strict definition that outlines what is and isn’t a smart device, but these devices can generally be described as internet-connected electronics with computing capabilities and the ability to connect to and share data with other smart devices. Smart technology tends to allow extensive interaction between users and their devices, too.

These devices — the global network of which is known as the IoT — have transformed the way we go about everyday life, making it easier to tackle all sorts of daily activities, like communicating with others, ordering products, playing music, making reservations and managing our daily lives.

You may already be familiar with some of these devices:

  • Smart speakers that allow users to play music and access information via the internet.
  • Smart security products, such as alarms and security cameras, that can be controlled from a smartphone.
  • Smart thermostats with advanced customizability, voice controls and other forward-thinking features.
  • Smart outlets that enable remote control of appliances, lights and other products.
  • Smart watches and fitness trackers that connect to and share data with smartphones and other devices.

Smart devices stand out by incorporating interconnectivity and innovative “smart” features developed with convenience in mind. However, this convenience often comes at the price of mediocre security features, which can put businesses and consumers at risk.

What is the IoT?

Per Merriam-Webster, the phrase “Internet of Things” describes “the networking capability that allows information to be sent to and received from objects and devices (such as fixtures and kitchen appliances) using the Internet.”

To simplify this somewhat complex term, “Internet of Things,” is a concept that broadly encompasses the global network of interconnected smart devices.

What risks do smart devices and the IoT pose?

Perhaps the most overt, high-level security issue with smart devices is that they’re subject to very few governmental security regulations. As a result, they may not include the features necessary to protect users from criminals who wish to access sensitive information or take control of their smart devices altogether. Even when security features are included, they may require manual activation or be poorly communicated to users (or both).

Therefore, the burden of safety within the IoT often falls upon the user, and they may not be able to do much more than choose a complex password or update software, depending on the product. This theoretically opens the door to a number of undesirable situations, such as:

  • Stolen information: Smart tech protected by nothing more than a simple (or default) username and password can leave sensitive information vulnerable to criminals.
  • At-home harassment: Smart security cameras and doorbells have been compromised by bad actors to harass users, demand ransoms and engage in other troublesome activities.
  • Tangible harm to devices and property: Criminals accessing smart appliances, such as thermostats or smart cars, can wreak havoc upon property and health and human safety from afar.

That’s not to say these are common issues. The list merely highlights the necessity of using available security measures to the best of one’s ability.

It’s also important to note that, because businesses have begun to rely increasingly on smart technology, these risks apply just as much to companies as to regular consumers — perhaps even more so, since businesses are often responsible for protecting the sensitive information of their customers.

Real-world example

One prominent example that exhibits the security shortcomings of smart devices is a class action lawsuit that was filed against a popular smart security device company. Dozens of devices were hacked, offering bad actors not only a visual glimpse into victims’ homes, but also the opportunity to speak with victims and harass them. This showcases a type of harm that differs in scope from other digital crimes — phishing, for example — that often have a more specific financial focus.

How to protect yourself from hackers and other IoT risks

By now, it’s clear that smart devices offer few guarantees of security. Still, there’s no need to avoid these devices altogether. Please consider following some simple measures to help minimize security risks.

Adhere strictly to wise password practices

“Use a strong password” is a time-tested tip for traditional internet users that applies just as heavily to smart device owners. Essential password best practices include:

  • Choosing strong/complex and unique passwords for all devices used in the home, including both smart devices and routers.
  • Employing a password management solution to save your credentials (usernames and passwords).
  • Ensuring that your home router is using strong/complex and unique credentials — from an IoT perspective: Your router is the front door into your smart devices.

Manually activate enhanced security measures

As mentioned earlier, some smart devices include security measures — multi-factor authentication, for example — that may not be active right out of the box. Additionally, these features may not be communicated to users as clearly as they could be. Users should investigate device settings (as well as relevant app settings) manually to ensure they’re enabling every security measure at their disposal.

Stay up to date

Smartphone apps associated with smart devices often receive frequent updates and these updates, can include security patches. To best protect your information, ensure that automatic updates are enabled. The same goes for software and device updates, assuming the manufacturer provides access to regular updates.

Cybersecurity assistance from First Republic Bank

Smart devices have quickly gained popularity over the last few years. It’s essential to use caution as you begin to integrate these technologies into your home and/or business.

First Republic Bank is dedicated to emphasizing the importance of cybersecurity awareness. Through this dedication, we offer complimentary cyber services to our colleagues and clients. If you think you’ve been a victim of a cybercrime or have any questions related to your online security, please reach out to informationsecurity@firstrepublic.com.

This information is governed by our Terms and Conditions of Use.