Things to consider include:
- Is the device made by a well-known reputable company and sold by a well-known reputable store? Well-known reputable companies are more likely to produce devices with security in mind. Well-known reputable stores are more likely to only sell devices from well-known reputable companies, and have a stricter supply chain, ensuring the device gets to you as intended by the manufacturer.
- Is it possible to change the password? It is always good to change your password. However, if the device is shipped with a weak default password, this becomes more important. A device with good security should have unique, unpredictable, complex and hard-to-guess passwords, as weak default passwords are the easiest way to attack a device.
- Does the manufacturer provide updates? It is important that companies offer updates to fix device vulnerabilities as they are discovered. For example, if software on the device contains known vulnerabilities or hackers develop new ways of compromising your device, updates are required to provide fixes.
- Does the device do only what you want it to do? Buying a device that does more than what you need, including connecting to the internet, may reduce your security. Device capabilities that you will not use can increase the device’s vulnerability to attacks without providing any benefit to you.