You are here

What you need to know to secure your IoT devices

Share this page

Today’s hackers are attacking a lot more than just computers. They’re going after ‘Internet of Things’ (IoT) products – like internet-connected cameras and refrigerators  and using them to create havoc on the internet.

In October, hackers used the “Mirai” malware to attack unsecured IoT devices, turning them into zombie computers to overwhelm and shut down popular websites including Netflix, Paypal and Twitter.

Attacks like that are more than just an inconvenience. They can put your information at risk. So what can you do to reduce the risk of compromise to your home network and smart products?

  • Don’t just click “next” when you set up your IoT device. Review the default settings carefully before making a selection, and use the security features for your device. If it allows you to set up a passcode lockout (“three strikes and you’re out”) and enable encryption, you can add a layer of protection to your device.
  • Download the latest security updates for your IoT device. To be secure and effective, the software that comes with your device needs updates. Before you set up a new device, and periodically afterwards, visit the manufacturer’s website or the device’s settings menu to see if there’s a new version of the software available for download. To make sure you hear about the latest version, register your device with the manufacturer and sign up to get updates.
  • Change your pre-set passwords. The manufacturer may have assigned your device a standard default password. Hackers know the default passwords, so change it to something more complex and secure.
  • Want to know more? Check out the FTC’s additional tips on Online Security, including how to create a strong password and username for your router, and how to check for security updates.


We need a worldwide computer fraud police force to destroy these sites electronically and physically and jail conspirators and money men / women behind them....Where's the UN when you need them to do some "real" police work vice voting against the US most of the time...

Very good information. When it comes to setting up wifi access points, range extenders and routers, it's good to set them up so they do not broadcast their SSID. Changing passwords periodically is also suggested.

Setting the SSID to not broadcast used to be good and standard practice, but it has changed. If you set it to not broadcast, your devices such as your phone or laptop will be implored to search for your network at all times, even at the airport (for example). An attacker can easily claim to be your access point because your devices are telling the entire world within say.. 200 ft, that they are looking for "MyWiFiGetOffMyLawnNet." It's better to simply leave the WiFi router (access point) to broadcast. At least with enterprise networks (like a medium to large business with in-house IT support), there is (hopefully) mutual authentication on your laptop or phone to alert you of the possibility of someone impersonating your network and intercepting your WiFi traffic. If you're concerned about companies using it for WiFi-"assisted" location information, you will need to add each company's code word (i.e. a specific string) to the SSID so not to be indexed. For example, Microsoft, Google, and Apple each have their own prefix/suffix to add to your SSID to opt your WiFi network out of their location databases.

Let's face it, Hackers are bad but Robo Callers are a daily assault on small businesses. We receive as many as 10-15 of these nuisance calls per day which interrupt our work and cost us valuable time and money.

"Before you set up a new device, and periodically afterwards, visit the manufacturer’s website or the device’s settings menu to see if there’s a new version of the software available for download. To make sure you hear about the latest version, register your device with the manufacturer and sign up to get updates."

Really - what I don't want is spam, and unless "registering you device" lets you permanently opt-out of marketing emails, marketing lists and (most important) marketing shares, then I don't register the device.

Why are there no share buttons on this page? Doesn't the FTC want visitors to spread news of its advice to consumers?

I have been blocked out of my face book business page V  S  Est LLC which is a trademark and I am pretty sure I know the person name who is doing it but don't want to say it They have been hacking my business computer phones taking my emails google accts and locale police haven't done anything in 3 weeks and they have even been hacking me through high pitch frequency ways to where they are able to make you here there voices and it has been over a year and 3 months now. They have caused mental anquish and I no longer can fuction as a normal person because it is so distracting its impossible to do day t5o day work or think at all my business has failed my relationship has failed and I am afraid to tell people because it makes me look crazy. Can any one tell me how to make it stop or if they have experienced same type evilness! HELP its invasion of privacy and mind control and I'm on meds I shouldn't be on. they waste my entire day dealing with them to the point I have no normal life any longer

What city and where are you vaguely?

I got the police to work for me . Sorry u have run into this problem. Never trust anyone! I am waiting on The DA to move forward. Be care if u Verizon they will also get into your computer

I'm write from Portugal, from a town named Leiria, and I must tell that I can't navegate with my browser,from 2011 to 2016, because there is a ckacker, from Brasil I think, I`m note sure.He hacked my pc and I brought a lot , now I have seven destroied.I think he is sameone that controls the torrents me please.

thanks for helping me

Leave a Comment