How to protect your smart home data
By Andrew Laughlin
Without proper security, smart gadgets could put your home at risk. We help you protect your privacy and keep your smart home secure.
Smart home products and devices can have many benefits. The convenience of being able to operate your lights, speakers, thermostat and more from an app on your phone is hard to live without once you've tried it.
However, our research has previously found serious flaws in popular smart devices, which you can also see in our video above. Cyber criminals could exploit these vulnerabilities to steal your personal data or seize control of your smart home wi-fi network.
Read on for expert advice on how to secure your smart home.
We rate all the smart hubs we test for how they protect your security and privacy. Find out which models performed best overall in our smart home hub reviews.
How to keep your smart home data secure
1. Set strong (yet memorable) passwords
One of the first things you should do when you set up your new smart home device is set your own password. This is because the default passwords set by manufacturers are often generic and used on multiple devices.
'00000000' or 'admin' is far too easy a password for an attacker to guess. Even if the default password is strong, we would never recommend that you leave it unchanged.
To improve security on your connected devices, including your home router, you should set a strong yet also memorable password, or rather, a passphrase.
Previous thinking on passwords was to have a long and complex jumble of letters, number and characters. However, as that is hard for most people to remember, instead try picking three random words and chaining them into a passphrase. For example, rabbitheadlighttaxi.
You could add in a number or character to increase security, but don’t use real personal information for this passphrase, and don’t use the same passphrase multiple times across a number of devices.
For more information on this, head to our in-depth guide to how to create secure passwords.
If available, two-factor authentication, or 2FA, can significantly increase your security. It does this by requiring an additional step, usually a text message sent to a registered mobile number, to log in to the account. Find out more about 2FA, including how to set it up, in our in-depth guide.
Even if the default password is strong, we would never recommend that you leave it unchanged.
2. Set up devices securely
Even if they aren’t flagged to you during the set-up phase, there may be additional security and privacy controls available to you. Dig into menus in the app or web interface to see what privacy controls you have available.
You can sometimes set what data is collected and shared, so it’s worth spending time to investigate. The Google Android and Apple iOS operating systems also now enable you to control more aspects of what data smartphone apps can access. Check the settings menus in your device for this.
Also, bear in mind that you don’t always have to use your real information. We use simulated data in our testing, and you can, too. Set up a ‘spam’ email for creating accounts or signing up to services. This process, also known as ‘dirtying’ your data, means the impact is minimal if something does go wrong.
Before you splash out on that smart device, consider whether it's worth the possible privacy trade-off.
3. Keep your software up to date
Just like your phone or computer, smart devices get software updates that add features, adjust performance and improve security.
Hackers are always coming up with new ways to infiltrate your network, and updates allow manufacturers to install software to combat new malware and security loopholes that make your smart home vulnerable.
Some smart devices will update automatically, but it's worth checking the device or app periodically. Always ensure that your products are up to date with the latest software to ensure you have the latest security fixes.
In addition, you should ensure that the companion mobile app for the device is also kept up to date. Check the settings in the app to see if you can enable automatic updates so you don't have to remember to check.
4. Think about where you put devices
Voice-controlled tech, such as the Amazon Echo and Google Home, are susceptible to the simplest hack of all - someone else talking to them.
The Echo can be used to order things from Amazon with a simple command. If it's placed by a window or is easily visible from the street, an opportunist attacker could use it to order expensive items and intercept them.
You can turn off 'voice purchasing' from the Echo's Alexa app or you can set up a four-digit passcode to give an extra layer of security.
5. What should I do if my device has potentially been compromised?
First of all, don't panic. You may have read about a device your own having a security issue but that doesn't automatically mean your product is affected.
Go to the website of the manufacturer of the device and/or app and see what information is available on what's going on and what you should do next.
As always, remain vigilant about any unusual emails or messages you receive, even from seemingly known sources.
With simple, common sense steps, you can significantly reduce your chances of being targeted by cyber-criminals.
6. If in doubt, switch it off
Smart speakers are always listening for their 'wake word', such as 'Alexa' in the case of the Amazon Echo, and wireless security cameras don't stop watching unless you turn them off. If you want absolute privacy or you're worried your network may have been compromised, the best thing to do is pull the plug.
Smart products can be incredibly useful. With devices like TVs, it’s actually hard to buy a non-smart model. However, before you splash out on that IoT toothbrush or robot vac, consider whether the extra functionality it brings is really worth the possible privacy trade-off.