Secure New Internet-Connected Devices

Original release date: December 31, 2019

During the holidays, internet-connected devices—also known as Internet of Things (IoT) devices—are popular gifts. These include smart cameras, smart TVs, watches, toys, phones, and tablets. Although this technology provides added convenience to our lives, it often requires that we share personal and financial information over the internet. The security of this information, and the security of these devices, is not guaranteed. For example, vendors often store personal information in databases, which may be vulnerable to cyberattacks or unintentionally exposed to the internet. Information breaches or leaks can enable malicious cyber actors to engage in identify theft and phishing scams.

The Cybersecurity and Infrastructure Security Agency (CISA) recommends users review CISA Tips on Securing the Internet of Things, Preventing and Responding to Identity Theft, and Avoiding Social Engineering and Phishing Attacks, as well as the following steps to make IoT devices more secure:

  • Use multi-factor authentication when available. Many manufacturers offer users the option to protect accounts with multi-factor authentication (MFA). MFA adds another layer of security and can significantly reduce the impact of a password compromise because the malicious cyber actor needs the other factor—often the user’s mobile phone—for authentication. See Supplementing Passwords for more information.
  • Use strong passwords. Passwords are a common form of authentication and are often the only barrier between you and your personal information. Some internet-enabled devices are configured with default passwords to simplify setup. These default passwords are easily found online, so they don't provide any protection. Choose strong passwords to help secure your device. See Choosing and Protecting Passwords for more information.
  • Evaluate your security settings. Most devices offer a variety of features that you can tailor to meet your needs and requirements. Enabling certain features to increase convenience or functionality may leave you more at risk. It is important to examine the settings—particularly security settings—and select options that meet your needs without putting you at increased risk. If you install a patch or a new version of software, or if you become aware of something that might affect your device, reevaluate your settings to make sure they are still appropriate. See Good Security Habits for more information.
  • Ensure you have up-to-date software. When manufacturers become aware of vulnerabilities in their products, they often issue patches to fix the problem. Patches are software updates that fix a particular issue or vulnerability within your device’s software. Make sure to apply relevant patches as soon as possible to protect your devices. See Understanding Patches for more information.
  • Connect carefully. Once your device is connected to the internet, it’s also connected to millions of other computers, which could allow attackers access to your device. Consider whether continuous connectivity to the internet is necessary. If it isn’t, disconnect. See Home Network Security for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

Reminder: CISA Publishes Weekly Vulnerability Summaries

Original release date: December 31, 2019

Did you know that the Cybersecurity and Infrastructure Security Agency (CISA) publishes a weekly Vulnerability Bulletin? This recurring item provides a summary of all new vulnerabilities that have been recorded by the CISA-sponsored National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) within the past week. Patch information is provided when available. CISA encourages interested parties to sign up for the email/text list or RSS feed to automatically receive the Vulnerability Summary each week.

This product is provided subject to this Notification and this Privacy & Use policy.