Be smart about your smart devices

15 September 2020: Use of technology has become more prominent than ever since the COVID-19 pandemic began. With this in mind, now is a good time to consider the security of the devices you use each day.

Smart devices offer enhanced functionality, but also increase potential exposure to cyber security risks. The good news is that regular maintenance checks can greatly reduce the risk of cyber threats.

More and more devices are gaining “smart” functionality, in which connectivity enables interactions with other devices to deliver a richer, easier to use experience for end users. The expression “Internet of Things” – commonly abbreviated to IoT – was coined to describe this increasingly pervasive layer of smart device-to-device and device-to-network interaction.

The Internet of Things is here already

You may have heard about the Internet of Things and just thought it was an intangible concept or a media headline. If so, look around your home and workplace: smart devices including watches, home monitoring devices, mobiles and tablets are widely used. In other words, there’s a very good chance that your home and your workplace are already a part of the Internet of Things.

All these networked interactions happening behind the scenes are wonderfully convenient, but they also increase what cyber security specialists call the “attack surface”, i.e. the possible avenues of cyber attack. This cyber security risk must be taken seriously, but the good news is that in most cases a simple regular maintenance routine will greatly improve your security.1

Security tips for your smart devices

Here are some key tips for users of smart devices:

  1. Software updates routinely include security patches, so be sure to check regularly that the software on your smart devices stays up to date.
  2. If any of your devices are no longer supported by the manufacturer, consider replacing them or disconnecting them from the internet.
  3. If you replace your device, ensure that you change the manufacturer’s default password and enable multi-factor authentication (if offered).
  4. For more information and guidance, see the Australian Cyber Security Centre’s Tips to secure your Internet of Things device and the Australian Digital Health Agency’s Seven Steps to Securing Your Smart Health Devices.
  5. Healthcare providers can also refer to the Therapeutic Goods Administration’s guidance on Cyber security for medical devices, as well as their information about news and updates.

Advice for software developers and IoT service providers

ACSC code of practice

Australia’s 2020 Cyber Security Strategy outlines the need for improved security practises for devices to reduce the risk of cyber compromise of Australia’s online community and critical infrastructure.

In response, the Department of Home Affairs has developed a Voluntary Code of Practice for industry to lift the security of Internet of Things devices in Australia2.

This document describes 13 principles, primarily targeted at:

  • device manufacturers
  • IoT service providers
  • mobile application developers
  • retailers

  1. For example, an audit of the 2017 WannaCry ransomware attack on the NHS found that it could have been prevented by keeping device operating systems up to date and managing network firewalls. 

  2. Australian Government, Department of Home Affairs - Joint media release Lifting the cyber security of the internet of things: voluntary code of practice (3 September 2020).