December 2018: Securing New Devices in an IoT World

Authors:: Petr Brym
Published:: Monday, September 25, 2017
Columns:: Cybersecurity and Privacy

min read

Campus Security Awareness Campaign 2018
This post is part of a larger campaign designed to support security professionals and IT communicators as they develop or enhance their security awareness plans. View all 12 monthly blog posts with ready-made content by visiting our security awareness resource page.

The Internet of Things (IoT) continues to expand as more of our "things"—in our homes, our cars, and our pockets or purses—include chips, tags, or sensors that are ready to connect to the digital world. There's no denying that new devices are fun, but while there are more opportunities to interact with people, share information, and stay connected, we also need to be aware of the risks these things may introduce. Here are some tips to help your end users ensure that their new devices are an asset, rather than a liability.

Get the Word Out

Newsletter or Website Content

Without a doubt, the Internet of Things makes our lives easier and has many benefits; but we can only reap these benefits if our Internet-enabled devices are secure and trusted. Here are some tips from the STOP. THINK. CONNECT. campaign and National Cyber Security Alliance [https://staysafeonline.org/blog/evolving-digital-life-cybersecurity-evolving-internet-things/] to increase the security of your Internet-enabled devices:

Keep a clean machine. Like your smartphone or PC, keep any device that connects to the Internet free from viruses and malware. Update antivirus and anti-malware software regularly on the device itself as well as the apps you use to control the device.
Think twice about your device. Have a solid understanding of how a device works, the nature of its connection to the Internet, and the type of information it stores and transmits.
Secure your network. Properly secure the wireless network you use to connect Internet-enabled devices. Don't forget to use a strong password and update software regularly to protect your Wi-Fi router at home.
Understand how to keep IoT devices up to date. This includes any software updates that might be needed and passwords or other ways of securing devices.
Understand what's being collected. Most IoT devices require data collection. Take the time to understand what information your connected devices collect and how that information is managed and used.
Where does your data go? Many IoT devices will send information to be stored in the cloud. Understand where your data will reside and the security protecting your personal information.
Do your research! Before you adopt a new smart device, research it to make sure others have had positive experiences with the device from a security and privacy perspective.

Internet of Things 101. Cars, healthcare devices, appliances, wearables, lighting, and home security all contain sensing devices which allow consumers to control them remotely. In addition, these devices collect data and literally 'talk to one another'. — *Source:* STOP. THINK. CONNECT. Internet of Things 101 [https://staysafeonline.org/resource/internet-things-iot/] infographic

**Figure 1. Use this image to support your message**

Social Posts

Note: These are Twitter-ready, meeting the 140-character length restriction.

Keep a clean machine! Update software & apps often to keep new devices free from viruses and #malware. #IoT #CyberAware
Do you understand how that new #IoT device works, how it connects to the Internet & the info it stores/transmits? #CyberAware
Secure your Wi-Fi network to help protect mobile & #IoT devices. Use a strong password for your wireless router & update software often. #CyberAware
Know how to keep #IoT devices up to date and learn how to change/update passwords. #CyberAware
Understand what's being collected! Most #IoT devices will collect your info. Do you know how it's managed/used? #CyberAware
Where does your #IoT data go? Find out if your personal info is stored in the cloud & how it's being protected. #CyberAware
Do your research BEFORE you adopt a new #IoT device. #CyberAware #PrivacyAware

E-Mail Signature

Ask staff members to add a tip to their e-mail signature block and link to your institution’s information security page.

Example:

Jane Doe

Information Security Office

XYZ College

Are you logged in as a standard user? Learn more. [Link "Learn more." to your institution's information security department page or NCSA's IoT infographic [https://staysafeonline.org/resource/internet-things-iot/].]

Embed or Share Videos

Risks of the Internet of Things (1:40 min)

How It Works: Internet of Things [https://www.youtube.com/watch?v=QSIPNhOiMoE] (3:38 min)

Resources

Share these resources with end users or use them to inform your awareness strategy:

Download and distribute NCSA's infographics: Internet of Things 101 [https://staysafeonline.org/resource/internet-things-iot/].
Use Google Help's recommendations to create a strong password and keep your accounts more secure.
Learn how to protect your mobile device using these tips from the Federal Communications Commission. Malwarebytes Labs also suggest the top 10 ways to secure your mobile phone.
Follow these tips from the Center for Internet Security to secure new devices.
Watch this short video from the Federal Trade Commission so you can protect your computer [https://www.consumer.ftc.gov/media/video-0081-computer-security]. And follow the US-CERT's security tips before you connect a new computer to the Internet.
See our previous Campus Security Awareness Campaign blogs about mobile device security: December 2017: Your Mobile Devices Won't Secure Themselves! and March 2016: Securing Mobile Devices.

Brought to you by the Awareness and Training Working Group of the EDUCAUSE Higher Education Information Security Council (HEISC).

ParentTopics:: Cloud Security Cybersecurity Data Security Internet of Things (IoT) Mobile Computing Security Awareness