Setting up an IoT device

Internet of Things devices

This information helps the community buy and use Internet of Things (IoT) devices securely. An IoT device is an everyday item that has had internet connectivity added to it. Examples of IoT devices include smart fridges, smart televisions, baby monitors and security cameras. IoT devices within homes and businesses generally use Wi-Fi or cellular networks, such as 4G or 5G, to connect to the internet.

Keep in mind a few simple questions while setting up your device, to help you keep your network and data more secure.
  1. Does the device need to be connected to the internet? Just because it can be connected doesn’t mean that it should. Devices that are not connected to the internet are much less likely to be compromised. If you’re not going to use the features that require internet connectivity, then you should consider whether it needs to be connected.
  2. Is the device in a secure location? If the device does not need to be installed in an insecure area, installing it in a secure location can reduce the risk of physical compromise. Treat your IoT device like any other valuable and keep it behind locked doors if possible.
  3. Do I change the default username and password? It is important that you use a strong password or passphrase. If your device is not equipped with a unique, unpredictable, complex and hard-to-guess password, then you need to change the password. Default usernames and passwords are collected and posted online, leaving your device vulnerable.
  4. Is my Wi-Fi network set up securely, and does it have a secure password? Secure your Wi-Fi network and router to make it harder for attackers to access your device and your network.
    Go the extra mile. Set up an additional Wi-Fi network on your router for IoT devices only. This may be known on your Wi-Fi router as a ‘guest’ network. If your IoT devices do not require communication between each other, enable the ‘client isolation’ feature. Keeping your IoT devices isolated from your sensitive data helps ensure that a compromise of an IoT device does not grant access to your other devices or data.
  5. Are unnecessary device features turned off? If your device has unwanted or unnecessary features (such as cameras or microphones), these should be disabled where possible.
    Go the extra mile. Look for a configuration setting that mentions enabling remote access to the device’s web administration interface from the local LAN or WAN/internet. Ensure it is set to local LAN, unless you require remote access yourself.
Content complexity
Simple
This rating relates to the complexity of the advice and information provided on the page.
Was this information helpful?

Thanks for your feedback!

 
Optional

Tell us why this information was helpful and we’ll work on making more pages like it

Icon for ReportReport a cyber security incident for critical infrastructure Icon for becoming a alertsGet alerts on new threatsAlert Service Become anACSC partner Icon for reportingReport a cybercrime or cyber security incident
Acknowledgement of Country icon
Acknowledgement of Country
We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities. We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia's First Peoples' enduring contribution to Australia's national security.
Authorised by the Australian Government, Canberra