It’s Christmas morning. You unwrap the shiny paper, and there, in front of you, is the gadget you just knew you needed to have. The one that would make your life easier, better, more convenient.
Maybe it’s a camera that sends a live feed to your phone and alerts you when it detects motion. Maybe it’s a smart TV or, if you’re an epicure, a smart fridge. Or it’s a smart toy— a coveted talking doll or AI-powered dinosaur.
Whether it’s on your own holiday wish list or your shopping list for someone else, chances are someone in your family is getting a connected gadget — part of the internet of things — this holiday season.
In the holiday exuberance and new-gift euphoria, in can be tempting to rush past the fine print. But before you dash to power up your new fitness tracker or connected thermostat, make sure you’re taking the right steps to keep your device secure and your personal information safe.
Half of all consumers are unsure whether they’ve taken the right security precautions or even what those steps might be.
The risk that usually motivates people to strengthen their passwords or update their software is the possibility of someone gaining access to their personal data.
If your passwords are weak, a hacker could access your files and snoop through emails or other personal information. That raises concerns over the potential for identity theft and the financial repercussions.
Beyond the obvious information that our devices store, such as name, address, email and credit card information, household smart devices also save telling clues about your activity that you may not want the wrong person knowing.
A connected thermostat can give you more control over the temperature of your home and help cut your heating bill, but it can also create a log of details such as what time you leave for work and when you’re on vacation.
Beware malware
Then there’s the risk of smart devices being infected with malware and used without our knowledge in a massive distributed denial of service (DDoS) attack, like the one that took down almost half the internet in the United States this fall.
Despite these risks, we all have more urgent things to do than read over terms of service and security statements — deadlines to meet before the office empties out for the holidays, cookies to bake and presents to wrap.
So, quickly, here’s what you need to know.
Devices are different
Not all smart devices are created equal. Cheap, mass produced cameras and baby monitors were the culprits in the recent DDoS attack that took down Twitter, Netflix, PayPal and many other major websites.
As Intel points out, some gadgets have weak security standards. Others lack any security standards at all. While everyone loves a bargain, beware of brands you’ve never heard of that make no mention of security.
Reset the password
One of the biggest problems is a password that cannot be reset. That essentially means someone else has more control over the device than you do.
First things first — change the default user name and password. Passwords should be strong and unique to each device, app or service. Password managers can help create and manage strong passwords across all your devices and accounts.
Use safe Wi-Fi
Smart devices need a Wi-Fi connection. Make sure your Wi-Fi not only is password protected, but also has a complex password, as all your devices should.
Update the software
Often, a new device will have updates waiting as soon as you take it out of the box. So when you turn on your device for the first time, check to see if there are updates you need to install.
Ask the internet
It’s worth a quick Google search to see what other people think of the product.
Some of the biggest criticism for connected consumer devices, aside from having weak security in the first place, is that vulnerabilities are not made apparent at the point of sale. The packaging doesn’t tell you what the potential risks are.
So, before you head to the checkout, read online reviews for the connected device you’re considering. They will raise red flags about past security beaches and provide information the packaging doesn’t reveal, such as having a password that can’t be reset.