Securing smart homes and smart buildings from cybersecurity risks becomes more relevant than ever in the light of the COVID-19 pandemic crisis. ENISA presents some fundamental measures for securing smart devices.
The Internet of Things (IoT) has changed the way people live, do business, and interact. Buildings and homes are becoming smarter, more complex and more connected. This massive interconnection leads to new efficiencies and capabilities and unlocks enormous value for consumers, organizations and cities. Nevertheless, these advantages come with great challenges and cyber security risks.
Securing smart homes and smart buildings from cyber security risks becomes more relevant than ever in the light of the COVID-19 pandemic crisis. People are spending considerable time at home using smart cameras, wearables and telecommunications to remain in touch with their business, doctors, government, school, friends and family. Utilizing modern technology people stay productive for their work and their housekeeping, but they also become more susceptible to attacks from threat actors that are still looking to cash in by exploiting human nature.
ENISA’s Work on IoT and Smart Infrastructure The Agency has been working on IoT security for a number of years, producing, among other things, work on Security and Resilience of Smart Home Environments, Baseline IoT security recommendations, as well as work in securing Industry 4.0, and IoT software development lifecycle. For more information: enisa.europa.eu/iot |
---|
Securing the home
Social distancing has shifted daily habits with activities pertinent to work, education, healthcare, wellbeing and socialisation happening mainly from home. Most of these activities are taking place in digital format and therefore they rely heavily on connectivity and smart home devices. Many consumers are aware that their smart devices could potentially introduce vulnerabilities in their home network and they should configure them properly. However, they struggle to understand what is required of them to keep their smart thermostat or voice assistants secure. Below, ENISA presents some fundamental measures for securing smart devices:
- Use long passwords, two-factor or multi-factor authentication and, if available, enable biometric features or additional PINs.
- Use different passwords for each device in your home network.
- Observe user guides and enable the relevant security features during the initial setup.
- Enable update notifications and perform updates on a regular basis
- Avoid introducing sensitive information and be aware of the way your information is used.
- Turn off and unplug the device when no longer used
- Configure multiple networks on your router and keep your smart devices on a separate Wi-Fi network.
- Securely wipe your smart device and use “factory reset” function before disposing or returning it back.
Securing the business premises
Almost overnight, in an effort of implementing immediately social distancing, many employees around the globe started working remotely from home and staying away from offices. Outside of the normal and business-as-usual situation, with applying social distancing rules and personnel working in rotation, employees might simply be less diligent about security practices. It has never been more important to proactively secure smart buildings/offices, which they often control systems or operations like data centers dependent on the availability of air conditioning systems.
Securing networks, monitoring network anomalies, identifying malicious behaviour including social engineering and spear phishing attempts and reviewing IoT security configurations is the way forward and in that respect, ENISA provides the following recommendations in addition to the ones mentioned above:
- Enable firewall protection, and ensure corporate network is only accessible from whitelisted services.
- Disable unused ports.
- Apply network micro-segmentation by creating virtual networks to isolate IoT systems from other critical IT systems.
- Enable monitoring and diagnostics and review them regularly.
- Prepare and update the incident response plans according to the current risks.
Smart homes and smart buildings have become the digital shelters for all people in social distancing. Securing them is a shared responsibility and everyone should take part in achieving a more secure and resilient digital environment both at home and at work.
Further Information
For further information related to the cybersecurity aspects of the COVID19 pandemic, consult the ENISA pages dedicated to this issue under the Topic COVID19