Skip to main content

Keep in mind a few simple questions while setting up your device, to help you keep your network and data more secure.

  1. Does the device need to be connected to the internet? Just because it can be connected doesn’t mean that it should. Devices that are not connected to the internet are much less likely to be compromised. If you’re not going to use the features that require internet connectivity, then you should consider whether it needs to be connected.
  2. Is the device in a secure location? If the device does not need to be installed in an insecure area, installing it in a secure location can reduce the risk of physical compromise. Treat your IoT device like any other valuable and keep it behind locked doors if possible.
  3. Do I change the default username and password? It is important that you use a strong password or passphrase. If your device is not equipped with a unique, unpredictable, complex and hard-to-guess password, then you need to change the password. Default usernames and passwords are collected and posted online, leaving your device vulnerable.
  4. Is my Wi-Fi network set up securely, and does it have a secure password? Secure your Wi-Fi network and router to make it harder for attackers to access your device and your network.
    Go the extra mile. Set up an additional Wi-Fi network on your router for IoT devices only. This may be known on your Wi-Fi router as a ‘guest’ network. If your IoT devices do not require communication between each other, enable the ‘client isolation’ feature. Keeping your IoT devices isolated from your sensitive data helps ensure that a compromise of an IoT device does not grant access to your other devices or data.
  5. Are unnecessary device features turned off? If your device has unwanted or unnecessary features (such as cameras or microphones), these should be disabled where possible.
    Go the extra mile. Look for a configuration setting that mentions enabling remote access to the device’s web administration interface from the local LAN or WAN/internet. Ensure it is set to local LAN, unless you require remote access yourself.