Checklist: IoT security and privacy

The Online Trust Alliance (OTA) released the consumer IoT security and privacy checklist, which contains steps consumers can take to help increase the security, privacy and safety of their connected home and wearable technologies.

checklist IoT security

OTA recommends consumers utilize this checklist to regularly reassess their security and privacy settings on their IoT devices. Not unlike changing the batteries on a smoke detector once a year, consumers should tune up and optimize IoT device settings regularly.

While many people cite safety as a top reason for buying smart devices and homes, conclusive research shows that security and privacy concerns are the biggest barriers to IoT adoption. OTA hopes that by having consumers play an active role in their smart device’s security and privacy, it will not only increase the security and privacy of those devices but also boost consumer confidence in them.

“In this increasingly complex world of connected devices, consumers cannot take it for granted that their devices remain safe, secure and private year after year,” said Craig Spiezle, Executive Director Online Trust Alliance. “As people acquire more devices, the long term risks to their family and community rise exponentially.”

From connected home to health and fitness devices, consumers are realizing significant benefits from the Internet of Things, but the devices’ growing complexity and popularity make them difficult to manage. As devices age and become unsupported, many risk becoming insecure while still collecting and potentially sharing vast amounts of personal data.

Checklist: IoT security and privacy

  • Inventory all devices within your home and workplace that are connected to the Internet and network. Router reports can help determine what devices are connected to your network. Disable unknown and unused devices.
  • Contact your ISP to update routers and modems to the latest security standards. Change your router SSID to a name which does not identify you, your family or the device.
  • Check that contact information for all of your devices are up-to-date including an email address regularly used to receive security updates and related notifications.
  • Confirm devices and their mobile applications are set for automatic updating to help maximize protection. Review their sites for the latest firmware patches.
  • Review all passwords creating unique passwords and user names for administrative accounts and avoid using the same password for multiple devices. Delete guest codes no longer used. Where possible implement multi-factor authentication to reduce the risk of your accounts being taken over. Such protection helps verify who is trying to access your account—not just someone with your password.
  • Review the privacy policies and practices of your devices, including data collection and sharing with third parties. Your settings can be inadvertently changed during updates. Reset as appropriate to reflect your preferences.
  • Review devices’ warranty and support policies. If they are no longer supported with patches and updates, disable the device’s connectivity or discontinue usage of the device.
  • Before discarding, returning or selling any device, remove any personal data and reset it to factory settings. Disable the associated online account and delete data.
  • Review privacy settings on your mobile phone(s) including location tracking, cookies, contact sharing, bluetooth, microphone and other settings. Set all your device and applications to prompt you before turning on and sharing and data.
  • Back up your files including personal documents and photographs to storage devices that are not permanently connected to the Internet.

“As millions of cars, apps and household devices connect to the Internet, we need to discuss the privacy implications and resolve key questions about data ownership and management,” said Washington State Chief Privacy Officer, Alex Alben. “For the IoT to thrive in the long term, consumers will have to trust that their data and concerns about personal privacy are addressed, and OTA’s recommendations are a positive step to accomplishing this.”