Smart home devices make people’s lives more efficient. However, implementing cyber security of smart home devices is just as important as the physical security of our homes. Below are three popular initiatives by governments to help secure consumer IoT, particularly smart home devices.
- The Department for Digital, Culture, Media, and Sport (DCMS) published a Code of Practice titled “Code of Practice for Consumer IoT Security” to support all parties involved in the development, manufacturing, and retail of consumer IoT. Essentially DCMS guidelines are proposed to ensure that IoT products are secure-by-design and to make it easier for people to stay secure in a digital world.
- The Federal Trade Commission (FTC) proposed in a detailed report on the IoT concrete steps that businesses can take to enhance and protect consumers’ privacy and security. Additionally, it introduced further guidance for companies to implement “reasonable security” in order to actively enhance and protect consumers’ IoT privacy and security.
- The European Union Agency for Cybersecurity (ENISA) in their publication titled “Security and Resilience of Smart Home Environments” present examples of actions for users to perform in order to: choose a smart home device securely, operate a smart home device securely, and use online services for smart home securely. ENISA later introduced good practices guidelines for securing IoT products and services throughout their lifetime.
There are a number of measures and practices identified by the three bodies above that apply to different IoT stakeholders. The stakeholders can range from device manufacturers to service providers to mobile application developers, and more. One core recommendation that applies, especially to the device manufacturers, is that of having no default passwords. The recommendation of changing the device’s password, and potentially have a unique password for every device, is something that I emphasize.
In case you want to know more about how to secure your smart home or are simply curious about IoT security and privacy, you are welcome to get in touch.