IoT Gift Guide: How to Give Secure Smart Home Devices During the HolidaysThe Internet of things (or IoT) is growing at a rapid pace, as each year people add more smart home devices to their lives. They were a big hit last holiday season, and they’re likely to be popular again this year, so you may be considering giving some smart devices away as gifts. However, before you start your holiday shopping, it’s important to consider whether the gifts you’re eyeing are cybersecure. Not all IoT products are made the same in terms of security, and the smart device you give someone could come with a host of privacy concerns that put their personal information in unwanted hands. Which features should you look for to find safe smart home devices for your friends and family?

Security

Cybersecurity is a massive problem for smart devices, as many companies that make IoT gadgets either seriously neglect or don’t even build security measures into their products. Hacked smart home devices can serve as an easy entry point to your network, and by extension, anything that connects to your network, such as your computer or smartphone. They can also be conscripted into botnets, which are networks of compromised devices that hackers can harness to carry out other illegal activities such as DDoS attacks. Without specialized knowledge, it can be difficult to tell which products have adequate security, but there are a few basic features to look for in devices that both enhance their cybersecurity defenses and show that the manufacturer cares at least a little bit about protecting its customers. You should be able to find whether a particular device has these features by looking on the manufacturer’s website or reading reviews of the product.

The first is changeable credentials, which means you can alter the device’s username and password. A lot of smart home devices come with default credentials, but some won’t let their users change those credentials, and an unchangeable default password on an IoT gadget can be as bad as no password at all. It’s often fairly simple for hackers to figure out those default credentials, and then create programs that automatically find and hijack any IoT products that are still using them while connected to the Internet. As a result, some smart home devices can be compromised by a hacker in as little as a few minutes after they first go online. The second thing to look for is whether the device receives manufacturer updates. Software updates are a necessary part of any Internet-enabled hardware, as they can fix vulnerabilities and issues that inevitably surface after the product releases. Ideally, any smart device you give as a gift will download and apply updates automatically, as manual updates are easy to forget and put the responsibility of security on the gift’s recipient.

Identity theft

To make sure the device doesn’t put its user at risk of identity theft, a feature you should look for is the ability to erase any information stored on the smart home device. Eventually, whoever you give this gift to will likely recycle the device, sell it or throw it away, so you want to make sure they can wipe any personal information the product may have held before it’s out of their hands. Look for evidence that the product has some sort of erase or hard reset feature to clear those details before you give it as a gift. For instance, Amazon Echo devices are linked to your Amazon account, and device owners can unlink their account as well as reset the entire device to factory settings to erase any stored data before getting rid of it.

Privacy

Unfortunately, not only do you need to consider whether your gift is secure against outside threats, but you also need to see whether the manufacturer itself is on the level with regards to privacy. Some smart home devices gather large amounts of data from their users and send that data to third-party companies that are often free to share or sell it with anyone they wish. Before you buy a smart device, check the product’s privacy policy and terms of service (either one or both should be available on the manufacturer’s website) to see what kind of data the device collects, how the manufacturer will use the data and whether users can ask the company to delete their data. It’s important to note that some shady IoT manufacturers may have policies that don’t conform to the law. If you see terms in a product’s privacy policy that seem really invasive, it’s better to err on the side of caution and avoid that product altogether.

Being responsible about giving smart home devices as presents can take a bit more work and research than you may be used to, but it’s hard to deny that they often make amazing gifts, so the effort can be well worth your time. To learn more about how you can enjoy the Internet of things without compromising security, follow our Internet of things blog.