So, You Got A Cool IoT? Well, Did You Secure It?


What is an IoT?

Believe it or not, you may have used or currently have an Internet of Things (IoT) device nearby as you read this article. Take a moment to assess your surroundings, the unwrapped gift, your clothing, and the accessories. Did you see any “thing” that could potentially connect to the Internet or transmit data to another device? There’s a high probability that you did. If not, send me an email and tell me how long you’ve been living off the grid. Let’s continue.

Simply put, IoTs are objects or physical computing devices that are enabled to connect with the Internet, for instance:

  • Assistive Technologies (AT) increase, maintain, or improve functional capabilities of persons with disabilities (e.g. screen readers and enlargers, hearing aids, voice recognition, wheelchairs, etc.)
  • Virtual Assistants with voice controllers
  • Web-enabled doorbells, security systems, and cameras that you can monitor from your smartphone
  • Light bulbs that you can switch on or off while away from home
  • Smart thermostats you can adjust remotely
  • Smart Vehicles
  • Health/Fitness trackers (e.g., wearable watches)
  • Smart Homes with enabled appliances
  • Smart Cities
  • HVAC Systems in office and school buildings
  • Air Purifying at libraries, restaurants, and airlines
  • Smart Solar
  • Farming Equipment
  • Other devices such as Wi-Fi routers, TVs, cameras, drones, speakers, headsets, smart phones, laptops, printers, gaming systems, and tablets

Now that we’ve reviewed the list and assessed the IoTs in our possession or around us, imagine the amount of data you are storing on a single device. Think about the type of data being transmitted to another device via the Internet. Don’t get spooked…stay with me, I promise to provide tips on safeguarding your cool IoT.

With your renewed awareness of the types and number of IoTs you have on or around you, and of the type and amount of data they store and transmit, let’s take it to the next level. Now put a dollar amount or value on the data stored on that IoT or being transmitted (e.g., photos, messages, recordings, username, password, telephone numbers, name, date of birth, address, credit card numbers, and/or geographic location).

Let’s check our pulse… (whew!) The next section highlights some security and cyber threats.

Our Beloved IoT Are Targets

Cybercriminals exploit weak or nonexistent verification or authentication systems to gain access to the IoT device owner’s network or the IoT’s network. Therefore, there is an increase in the number of at-home IoT attacks due to poor security protections. Why?

Remember, the coronavirus made its way around the world, and our governments issued Stay-At-Home Executive Orders to stop the spread of COVID-19. As a result, more people were mandated to be at home. FYI – cybercriminals take advantage of emotionally charged events, situations or scenarios, and 2020 was indeed emotionally charged. There are things we can do to help safeguard ourselves.

Let’s Protect Our Privacy

There will be external forces that are beyond your or my control, so we need to focus on the things we can control. Protecting the home front is something you can do for your home. Here are some tips to help secure and safeguard your device.

  • Tip #1 – Protect the Virtual Gateway to Your Home Network: Always change the factory-set default username and password on your IoT (including your cable and/or internet provider router and modem).
    • Bonus – Establish a frequency to perform a digital “spring cleaning” and change all devices’ login credentials.
  • Tip #2 – Use a Passphrase as a Password: Try to combine words or a sentence together. Then consider changing some of the letters to numbers and/or special characters. This approach adds complexity to your passwords.
  • Tip #3 – Leverage a Password Manager: A password manager retains the growing number of login credentials you need to gain access to your apps, devices, websites, and systems. If you choose to use a password manager, you only need to remember one (1) password versus multiple (e.g., work systems, home network, social media sites, banking, and school).

Did You Read This Site’s Privacy Policy (aka ‘the fine print’)?

If you did, “KUDOS”! Yay, you! How long did it take you to read it? If you didn’t, take a peek after reading this article; it shouldn’t take long.

I found an older stat on how long it took Alexis C. Madrigal (2012) to read the privacy policies she encountered in a year. Overall, it took 76 working days. Technology has significantly advanced since 2012; therefore, the average number of work days it would take to read privacy policies we encounter today. January 1, 2021 is around the corner. Who wants to redo this study? Let me know, I’ll write about it for you.

Image from The Atlantic (2012)

Nevertheless, I’ll include my Public Service Announcement (PSA) for 2021: “Reading or speed-reading a Privacy Policy is fundamental”; and starting today (the day you are reading this), I will do my best to follow through.

Do you know how the IoT’s manufacturer will handle your data or privacy should there be a breach?

Although this article is about IoT, the next statement applies to any entity that renders a service or product and requires your information: they should have a published privacy policy for your review. Ask for it if you don’t recall seeing one. If there’s no published privacy policy available, you may not want to provide your private details to a merchant or service provider without a viewable policy. Even if you read a privacy policy, make sure that you are comfortable with what you read.

As more “objects” become enabled, our privacy protection on the Internet is paramount. Exposure of our private and personal data over the Internet would be catastrophic. Remember the PSA: reading or speed-reading policies is fundamental. As Madrigal discovered in 2012, it took an average of 10 minutes to read a privacy policy encountered in a 12-month period.

As you review the provider or merchant’s privacy statements and policy, gain an understanding of their strategies, tools, and/or technologies to protect your privacy (as their customer or client). The provided PSA is also applicable for the “things” we download, install, use or wear. Do not “accept all” or “agree to all” without reading about privacy protection.