Top 5 IoT Security Mistakes & How to Avoid Them by Sidney Stone


Gartner predicts that the number of IoT devices will reach 25 billion worldwide by 2020. From smartphones to smart cars to voice-activated assistants that respond to our every whim, we as a society are more connected than ever to the Internet of Things. And these connections we’re making? They’re not all that secure.

The problem with the majority of smart devices is that the firmware they are built on is easily penetrated by hackers. In 2016, the Mirai botnet attack took down popular sites like Twitter, Netflix, and Etsy. It did this by taking over IP cameras and using them to launch a DDoS attack on the sites’ DNS provider. The hack was made possible by the fact that the devices’ software versions were out of date and most of their passwords had not been changed or updated.

So, how can you protect yourself from these types of attacks? If you’re going to use smart devices, you need to be smart about security. Here are 5 common IoT security mistakes and how to avoid them.

Mistake #1: Failing to change the default username and password

One of the first things you should do when installing any new IoT device, whether it’s a mobile phone or a smart home security system, is change the password.

The majority of hacks occur because of default, common, or weak passwords. Not only should you change the password upon installation, you should do it on a regular basis for maximum security. And you’ve heard this before: your password should always be a combination of numbers, special characters, and both upper- and lower-case letters.

Implementing a 2-step verification process is also recommended. Yes, it can be a pain sometimes to go through an extra step just to log in to one of your devices or applications, but it’s certainly not as painful as having your identity stolen or compromised.

Mistake #2: Allowing too many permissions

When you download new apps, you often get the prompt that the app would like “permission” to access your camera, microphone, and even sometimes, your contacts.

You should be extremely selective when it comes to what types of permissions you allow, because each one can make you more vulnerable to attacks. Giving permission to access your contacts is one of the most common ways that viruses spread because they attempt to attack you and everyone on your contact list.

Keep your permissions to an absolute minimum and only allow one when absolutely necessary for the app. (Instagram obviously needs access to your camera, but the latest shopping app you downloaded probably doesn’t.)

Mistake #3: Leaving your router vulnerable

Your router may be the most vulnerable place in your home for a cyber-attack, especially if you make mistake #1 and don’t change the default password. If you didn’t change it upon installation or can’t remember whether you did or not, you should change the password immediately.

Never set up an open Wi-Fi network, as you’re basically inviting hackers into your home when you do so. Always follow your router manufacturer’s steps to implement WPA2 encryption for a wireless network.

Also, make it a point to regularly check for updates to the firmware for your particular router. These often include security updates that will give you even more protection.

Mistake #4: Connecting to unsecured networks

It’s so tempting to set your mobile device’s Wi-Fi access to pick up any free wireless network because it’s just so convenient. However, doing so also makes it convenient for someone to hack your phone and steal your personal data.

When in public, you should only log in to trusted wireless networks that require a password. Cable providers such as Spectrum now allow their customers to access special secure Wi-Fi network hotspots, but require a login with the cable account username and password.

This should go without saying, but under no circumstances should you ever access your banking app, PayPal, or any other type of financial application when using a public, non-secure wireless network.

Mistake #5: Being lazy with updates

Yes, getting those update notifications over and over can be quite annoying, but you should really make it a habit to update your mobile apps, computers and laptops, and any type of software you use on a regular basis.

As mentioned previously, these updates are there for a reason. They fix bugs that could make your devices susceptible to attacks and make your applications run more smoothly.

Cyber criminals take advantage of the fact that we get lazy and can’t be bothered to perform updates (or change passwords). The only way to fight back and protect yourself is to take every potential precaution you can to keep yourself from becoming a victim. Remember, an ounce of prevention is worth a pound of cure.

Yes, the Internet of Things is making our lives easier and more convenient than ever. But it’s also opening up a whole new way for savvy cyber criminals to steal your information or hold your important data hostage.

A little inconvenience and a lot of knowledge can go a long way to protecting yourself and all of your connected devices from the never-ending threat of cybercrime.

About the Author:

Sydney Stone is a freelance writer and editor who has written many pieces for various startup and B2B technology companies and has published two collections of ten-minute plays by up-and-coming playwrights entitled Stage This! Currently Sydney is writing for iTechArt, a NYC-based software development company.

May 8, 2018


Mariya Tsarova

netgear tech support canada

The common mistakes which we usually make are mentioned here. We must pay attention to these mistakes. The first thing is that we must change the username and password of the new IoT device. We should make our router secure by giving it a strong and unique password. We must be conscious when we give any permission to download a new app. The suggestions are nicely explained here.

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023