smart thermostat

Tips for Increasing Security in Your Smart Home

On their own, smart home devices do not protect themselves. Users must take action to protect their privacy and data security.

Smart home technology is rapidly growing and changing the landscape of modern homes. IoT devices—which have long been used in various industries—are now creeping into the household faster than consumers can adapt. As with any innovation, there are accompanying risks and dangers. The most pressing issue with connected devices is their inherent lack of robust security, since some manufacturers—many argue—seem to be more concerned about making money quickly than providing long-term protection to consumers.

The risk associated with connected devices at home is mostly virtual, that is, unseen, and generally negligible. That said, when pushed further, these risks can easily inflict consumers with financial, emotional, psychological and even physical damages.

Network possession and break-in

The most serious risk consumers face, if their smart home devices are compromised, is to lose control of their network. This scenario has occurred many times in government and private entities when hackers take full control of their systems and keep them out of their networks. When bad actors take control of all devices in a smart home, they can unlock and disable smart locks, disable the alarm system, turn off cameras and execute a clean break-in.

Espionage and data breach

Cyberstalking is the most common risk consumers face when their devices are compromised, because hackers do not need to take control of the entire network to execute the act. This act can be performed remotely on the other side of the world. In fact, in most cases, consumers are not even aware that they are silently monitored. Hackers can extract sensitive recordings, videos, files and money to inflict emotional, psychological and financial damages.

Miscellaneous attacks against consumers

Hacking, for the sake of it, is the new normal—as if owning a smart device nowadays is tantamount to getting hacked. When part or all IoT devices in a smart home are compromised, hackers can execute serious attacks against the homeowner or using the consumer’s IoT devices to attack others. The following are some of the most common attacks used by hackers:

  • Gain monetary profit
  • Create a hub for cryptocurrency mining
  • Carry out denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks against an institution
  • Create a botnet using smart home devices
  • Steal PII or financial credentials
  • Destroy connected devices
  • Cause chaos and destruction inside homes
  • Mislead victims by making devices send or display wrong information
  • Trigger falls alarms

How to Mitigate Risk

Unfortunately, as with all technology, an impenetrable IoT device has yet to be invented. That said, with persistence and hard work, consumers can mitigate and soften the risk and attain a higher level of security if they implement layered security on their smart home.

1. Network Security

The first layer of defense against hacking starts with protecting the network, by which all IoT devices in a smart home are connected. As the heart of a smart home, the network is the most critical component because it is where all devices are seen and exposed. It is where endpoints or entry points are created. If the network is shielded, all IoT devices inside it are also protected.

Two of the most reliable network security providers in the market today, which are designed and developed for smart homes, are Bitdefender Box 2 and Norton Core.

2. VPN

A virtual private network (VPN) does not provide outright security against malware (worms, viruses, etc.) and phishing, but it can confuse potential hackers. A VPN is effective in encrypting the homeowner’s website traffic, along with the communication sent and received by all the IoT devices connected to the network as they reach out to the outside world. A VPN effectively wraps the traffic in an encrypted tunnel as it travels in and out of the network, so outside onlookers are blinded.

As a secondary layer of protection, a VPN is a mandatory accessory that can significantly reduce the risk of being exposed to hackers.

3. Router

The router is an essential component of any smart home, without which, IoT devices will not be able to communicate to the outside world. The router is also responsible for giving all smart devices access to the network and connectivity, so they can communicate with each other. In itself, the router provides a minimum amount of security called a firewall to all connected devices. However, by configuring the router, the homeowner can achieve some level of protection against hacking:

  • Disable SSID broadcast. As a precaution, consumers should know all the features of their router and know when to disable them when they are not needed. The most neglected feature that consumers often leave untouched is the router’s ability to broadcast the Service Set Identifier (SSID) or the Wi-Fi name. By disabling the router’s ability to broadcast its SSID, consumers are significantly reducing the risk of exposure. And by hiding the Wi-Fi name, consumers are effectively disabling one possible entry point to the network.
  • Change admin credentials. Many consumers do not change the admin credentials that come with their routers. In addition, many consumers do not even know how to change the default credentials at all. You do not have to be a hacker to penetrate the router, as most admin credentials are publicly available.
  • Change the SSID name and password. Consumers should also know how to change the SSID name and the corresponding password. Changing SSID names and passwords from time to time is a good deterrence against hacking.
  • Isolate all guests to a separate network. It is also a good idea to create an exclusive network for guests. The router has a dedicated guest network ready to be enabled when needed. Routing all guests to a separate network will mitigate the risk of exposure.

4. Special protection for critical devices

Of all the connected devices in a smart home, the personal computer is perhaps the most critical piece of device that must be wholly protected because it is where sensitive information is stored. It is where online accounts are accessed. It is where files are downloaded, obtained and sent. In most cases, an antivirus for computer already includes an array of protection, including antivirus itself, firewall, file encryption, antispam, ransomware protection, password manager, data protection, video and audio protection, anti-tracker, anti-theft, and even VPN. The same antivirus protection can be extended to also protect mobile devices.

5. Password manager

For many consumers, running a smart home is challenging. And assigning each device with a unique password is even more burdensome, especially if they are connecting multiple devices to the network. As a result, the same password is often recycled and assigned to every device across the network, email addresses and online accounts, and even bank accounts! The damage—even when only one device is compromised—is catastrophic. The hacker can surely maneuver himself around the network and access everything using the same password. The solution is to create a unique and strong password for every device and every account. A password vault—like 1Password—is needed to store and encrypt all passwords. The password manager can generate a unique password for every device. It will alert the user to change six months or older passwords.

6. 2FA

The final layer of protection available to consumers is to enable two-factor authentication (2FA) if supported by the device. The majority of online membership accounts nowadays already support 2FA. This layer of protection is plain simple but effective. Whenever there is an attempt to access the device, it has to be first verified by a code sent through a verified mobile number or email address. Failure to verify, will keep the device locked forever.

Outsmarting Hackers

Unfortunately, there is little the consumers can do to prevent hacking, especially if the bad guys are determined professionals and really want something of value from the consumer. Outsmarting them is the most effective way of preventing hacking:

  • Map all devices in the network. As homeowners, it is smart to map all devices in the smart home. It is critical to have a clear accounting of all the devices along with their admin credentials (username and passwords), IP addresses and what network they are connected to.
  • Patch vulnerable devices. Manufacturers of IoT devices regularly release patches and firmware updates to make their devices more secure. As users of smart home devices, consumers should take advantage of these updates. It’s also recommended to enable auto-update on their devices.
  • Change default settings. Smart home makers ship out their products with simplified configurations (sometimes with admin credentials printed on the device), so users can set them up quickly without losing their minds. Once fully set up and connected to network, consumers should take some time to configure each device and beef up security.
  • Replace compromised and unsupported devices. For no reason, manufacturers sometimes stop supporting their products, stop releasing patches and firmware updates, or cease operation. As a homeowner, you should conduct routine security checks to determine the health of every IoT device in the network. If no longer supported, it may be wise to dispose the product.

The Takeaway

The most significant benefit of using IoT devices at home is that they can make life easy by offloading some of mundane tasks from users, and quite honestly, provide some level of security and convenience to users. The downside is that these devices create unnecessary endpoints or entry points for hackers. On their own, smart home devices do not protect themselves. They must be protected by the users so they can continue to protect them.


  • 12 Commercial Crime Sites to Do Your Research

    12 Commercial Crime Sites to Do Your Research

    Understanding crime statistics in your industry and area is crucial for making important decisions about your security budget. With so much information out there, how can you know which statistics to trust? Read Now

  • Boosting Safety and Efficiency

    Boosting Safety and Efficiency

    In alignment with the state of Mississippi’s mission of “Empowering Mississippi citizens to stay connected and engaged with their government,” Salient's CompleteView VMS is being installed throughout more than 150 state boards, commissions and agencies in order to ensure safety for thousands of constituents who access state services daily. Read Now

  • Live From GSX: Post-Show Review

    Live From GSX: Post-Show Review

    This year’s Live From GSX program was a rousing success! Again, we’d like to thank our partners, and IPVideo, for working with us and letting us broadcast their solutions to the industry. You can follow our Live From GSX 2023 page to keep up with post-show developments and announcements. And if you’re interested in working with us in 2024, please don’t hesitate to ask about our Live From programs for ISC West in March or next year’s GSX. Read Now

    • Industry Events
    • GSX
  • People Say the Funniest Things

    People Say the Funniest Things

    By all accounts, GSX version 2023 was completely successful. Apparently, there were plenty of mix-ups with the airlines and getting aircraft from the East Coast into Big D. I am all ears when I am in a gathering of people. You never know when a nugget of information might flip out. Read Now

    • Industry Events
    • GSX

Featured Cybersecurity


New Products

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3

  • ResponderLink


    Shooter Detection Systems (SDS), an company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3