As more and more Internet-connected devices find their way into our homes and businesses, it’s important to remember that they represent a security risk. The Internet of Things (IoT) is growing rapidly, and in the rush for convenience, our privacy and safety is often an afterthought. Leaving them unsecured is the digital equivalent of leaving the back door unlocked.

There are 5.5 million new things getting connected every day in 2016, as we head toward more than 20 billion by 2020, according to Gartner. That’s an awful lot of devices. They might bring all sorts of handy new features, but, whether it’s the latest cutting-edge baby monitor or a wireless doorbell camera that links to your phone, it’s also a network-connected computer and should be treated as such. Here are eight tips to help you secure those IoT devices.

1. Don’t connect your devices unless you need to



The first step is to consider what functionality you need from the device. Just because your TV or fridge can connect to the internet, doesn’t mean you definitely want to hook it up. Take a good look at the features it offers and learn exactly what internet connectivity brings before you connect.

2. Create a separate network

Many Wi-Fi routers support guest networking so that visitors can connect to your network without gaining access to shared files or networked devices. This kind of separation also works well for IoT devices that have questionable security.

3. Pick good passwords and a different password for every device



It’s very important to pick strong passwords, but you must also make sure that you pick a different password for every device. If a hacker manages to get one of your passwords, they will typically try it with other services and devices. Reusing passwords is not a good idea. Use a password manager to keep track of all your passwords.

4. Turn off Universal Plug and Play (UPnP)

Sadly, UPnP can make routers, printers, cameras and other devices vulnerable to attack. It’s designed to make it easier to network devices without configuration by helping them automatically discover each other. The problem is that hackers can also potentially discover them from beyond your local network because of vulnerabilities in the UPnP protocol. Is best to turn UPnP off completely.

5. Make sure you have the latest firmware

If you want to make sure you have the latest security patches and reduce the chances of a successful attack, then you need to keep your firmware fully updated. Vulnerabilities and exploits will be fixed as they emerge, so your IoT devices and your router need to be regularly updated. Automate this wherever possible or set a schedule to check for updates every three months or so.

6. Be wary of cloud services

A lot of IoT devices rely on cloud services, but the requirement for an internet connection in order for something to function can be a real problem. Not only will it not work when the network is down, but it may also be syncing sensitive data or offering another potential route into your home. Make sure you read up on the provider’s privacy policy and look for reassurances about encryption and data protection.

7. Keep personal devices out of the workplace

Don’t take your personal IoT devices to work. There are lots of potential security concerns for wearables. Every enterprise should have a clear BYOD policy, and it’s often a good idea to prohibit personal IoT devices from connecting to the network, or at least limit them to a guest network.

8. Track and assess devices

Businesses need to track everything connected to the network and monitor the flow of traffic. Devices need to be assessed to determine the level of access they should have, to keep them fully patched and up to date, and to protect data end-to-end to preserve its integrity. Unknown devices should flag an alert. Understanding which devices are connected and what they’re doing is a prerequisite for proper security.

If you’re dealing with sensitive data or you’re concerned about privacy, then make sure you have a long hard look at the IoT devices you’re considering. What security protocols do they support? How easy are they to patch? Do the providers have a proper privacy policy? It’s not safe to assume they’re secure because all too often they simply aren’t.

The opinions expressed in this Blog are those of Michelle Drolet and do not necessarily represent those of the IDG Communications, Inc., its parent, subsidiary or affiliated companies.

Related video: The Dyn DDoS attack, one year later