'Smart home' cyber security
Guide to loss prevention
Households are becoming increasingly reliant on Internet-connected home technologies, from tablets to smart dishwashers to smart speakers.
This, however, also means ‘smart homes’ are becoming more exposed to cyber threats and data privacy risks.
In 2020, there were more than three times as many cyber-crime incidents in the UK as domestic burglary offences(1). Online security needs to be taken as seriously as physical home security, but many consumers still do not apply simple cyber security measures(2).
This guide has been prepared to provide helpful advice on how to protect your smart home from cyber threats. Some examples of loss events are included in this document to illustrate what can happen. A list of the references used in this guide is located at the end of this document.
Any device that is connected to the Internet to store, transmit or receive data is considered ‘smart’. A smart home, also known as a ‘connected home’, may contain many smart devices (such as a mobile phone or smart watch). There are also many smart household appliances and systems available today, including washing machines, temperature controls, kettles, air conditioning, lighting, toothbrushes, security locks and alarms, to name a few.
Cyber-attacks are an increasing threat to smart homes. Malicious attacks on vulnerable smart home systems can cause damage or disruption, or enable criminals to gain access to the wider smart home network.
There are also risks when private information and real-time data about a resident’s activities are compromised (for example, monitoring times when the person is away from home).
When that personal data becomes accessible, the victim(s) may become susceptible to cyber-crimes, which can include data hacking, fraud, email scams, telephone hacking, ransomware, etc. All such cyber-related risks can ultimately lead to financial loss for the victim(s).
Research has revealed that children can be a weak link in home cyber security. Their vulnerability may, for example, lead them to access malicious websites, download viruses, share passwords, etc.
10 simple steps for home cyber security
1. Enable security protections
Wireless routers are known as the ‘digital doorway’ to a home. Invest in a router with strong security features from a trusted vendor.
Ensure that all built-in security protections on your devices are enabled. For example, restrict Wi-Fi access to known devices only, or make your network non-discoverable so that devices need to know your network name in order to connect to it.
Whilst in some cases it may seem more convenient to have security protections disabled, it will make your devices more susceptible to cyber-crime.
For households with children/teenagers, enable built-in parental controls on your computers/devices to prevent them from inadvertently accessing unverified websites that may harm your home network. You may also consider installing trusted third-party parental control software/apps.
2. Install anti-virus software
3. Create secure passwords
Using the same password for different applications is like having one key that unlocks all of the doors in your house.
4. Back-up your data
5. Install the latest operating system updates
6. Only download legitimate software and apps
Only download ‘apps’ and software from trusted sources (e.g. authenticated app stores such as Google Play or Apple’s App Store). This does not only apply to mobile phone apps – Microsoft and Apple have both introduced ‘app stores’ for PCs and Macs.
Never download unknown software, and always be wary of ‘free’ software offered through email or websites. Sites that offer free software or downloadable material that is usually not available for free should raise your suspicion.
7. Protect your online privacy
8. Be vigilant
Remain vigilant and suspicious of unexpected phone calls or emails requesting confidential information (e.g. bank account details). Do not click on email attachments or links unless you are sure that the email has been sent from a trustworthy source.
Even if the email looks like it came from a legitimate source, contact the alleged source directly and not through the links or phone numbers in the email. Remember: banks and other similar organisations will never ask for your PIN numbers or full passwords.
9. Monitor your various accounts
10. Be prepared
Be prepared for when a cyber incident occurs. For example, have you considered how you would continue to operate if you could not use your computer systems?
Take the time to plan ahead and make contingency plans so that you know who to contact and how to respond quickly to an incident. This can reduce the impact of financial losses and also help you get your systems back up and running faster.
Case study
Home systems damage
The chauffeur of an insured connected his mobile phone to a coffee shop’s public Wi-Fi network whilst waiting to pick up his client. The phone became infected by a virus through an illegitimate file download by the chauffeur. When the chauffeur returned to the insured’s residence and connected his phone to the insured’s poorly secured residential Wi-Fi network, the virus spread via the phone across several devices connected to the network. This resulted in data being disrupted on a number of the insured’s home devices.