CERT mailing list archives

Previous By Date Next
Previous By Thread Next

Secure New Internet-Connected Devices

From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Tue, 31 Dec 2019 14:32:33 -0600
Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:



Secure New Internet-Connected Devices [ 
https://www.us-cert.gov/ncas/current-activity/2019/12/31/secure-new-internet-connected-devices ] 12/31/2019 01:44 PM 
EST 
Original release date: December 31, 2019

During the holidays, internet-connected devicesalso known as Internet of Things (IoT) devicesare popular gifts. These 
include smart cameras, smart TVs, watches, toys, phones, and tablets. Although this technology provides added 
convenience to our lives, it often requires that we share personal and financial information over the internet. The 
security of this information, and the security of these devices, is not guaranteed. For example, vendors often store 
personal information in databases, which may be vulnerable to cyberattacks or unintentionally exposed to the internet. 
Information breaches or leaks can enable malicious cyber actors to engage in identify theft and phishing scams.

The Cybersecurity and Infrastructure Security Agency (CISA) recommends users review CISA Tips on Securing the Internet 
of Things [ https://www.us-cert.gov/ncas/tips/ST17-001 ], Preventing and Responding to Identity Theft [ 
https://www.us-cert.gov/ncas/tips/ST05-019 ], and Avoiding Social Engineering and Phishing Attacks [ 
https://www.us-cert.gov/ncas/tips/ST04-014 ], as well as the following steps to make IoT devices more secure:


  * *Use multi-factor authentication when available.* Many manufacturers offer users the option to protect accounts 
with multi-factor authentication (MFA). MFA adds another layer of security and can significantly reduce the impact of a 
password compromise because the malicious cyber actor needs the other factoroften the users mobile phonefor 
authentication. See Supplementing Passwords [ https://www.us-cert.gov/ncas/tips/ST05-012 ] for more information. 
  * *Use strong passwords. *Passwords are a common form of authentication and are often the only barrier between you 
and your personal information. Some internet-enabled devices are configured with default passwords to simplify setup. 
These default passwords are easily found online, so they don't provide any protection. Choose strong passwords to help 
secure your device. See Choosing and Protecting Passwords [ https://www.us-cert.gov/ncas/tips/ST04-002 ] for more 
information. 
  * *Evaluate your security settings. *Most devices offer a variety of features that you can tailor to meet your needs 
and requirements. Enabling certain features to increase convenience or functionality may leave you more at risk. It is 
important to examine the settingsparticularly security settingsand select options that meet your needs without putting 
you at increased risk. If you install a patch or a new version of software, or if you become aware of something that 
might affect your device, reevaluate your settings to make sure they are still appropriate. See Good Security Habits [ 
https://www.us-cert.gov/ncas/tips/ST04-003 ] for more information. 
  * *Ensure you have up-to-date software. *When manufacturers become aware of vulnerabilities in their products, they 
often issue patches to fix the problem. Patches are software updates that fix a particular issue or vulnerability 
within your devices software. Make sure to apply relevant patches as soon as possible to protect your devices. See 
Understanding Patches [ https://www.us-cert.gov/ncas/tips/ST04-006 ] for more information. 
  * *Connect carefully. *Once your device is connected to the internet, its also connected to millions of other 
computers, which could allow attackers access to your device. Consider whether continuous connectivity to the internet 
is necessary. If it isnt, disconnect. See Home Network Security [ https://www.us-cert.gov/ncas/tips/ST15-002 ] for more 
information. 

This product is provided subject to this Notification [ https://www.us-cert.gov/privacy/notification ] and this Privacy 
& Use [ https://www.dhs.gov/privacy-policy ] policy.

body { font-size: 1em; font-family: Arial, Verdana, sans-serif; font-weight: normal; font-style: normal; color: 
#333333; } ________________________________________________________________________

A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ]. If you need help or have 
questions, please send an email to info () us-cert gov. Do not reply to this message since this email was sent from a 
notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT () 
ncas us-cert gov to your address book. 

OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ 
http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ 
http://www.us-cert.gov/related-resources ]  

STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]
Previous By Date Next
Previous By Thread Next

Current thread: