AS HOME AUTOMATION ENTHUSIASTS RUSH to connect digital devices — a video doorbell, a wireless home security kit, a set of Wi-Fi lightbulbs — they are helping build an ecosystem of convenience, safety and efficiency. That ecosystem is the Internet of Things (IoT), the global network of connected smart devices. By 2030, the IoT may comprise 40 billion internet-connected objects.1
For consumers, these devices already have elevated household conveniences and services to new heights. Think sensor-based home-monitoring and communications systems, energy-efficient automated appliances, always-on virtual assistants and increasingly smart automobiles.
Each device connected to a network, however, is also an endpoint criminals can exploit. And research shows they are doing exactly that: One 2024 survey found that 53% of companies suffered a security compromise from a mobile or IoT device, up from 30% in 2018.2
But the problems are not just a function of cybercriminals and unsecure devices. Many consumers don’t prioritize device security due to a lack of understanding of how risky an unsecure device can truly be and unwittingly open themselves to compromise.
For instance, smartphone users often grant broad access to their device’s location services, camera, microphone, contacts and calendar — without knowing whether these requests for permissions are legitimate and how the data they generate will be secured. By providing this access, users may unintentionally give bad actors entry to additional data on the device, including sensitive information like system credentials, credit card numbers and contact information for colleagues, clients, friends and family.
Simple ways to protect your home and its devices
Smart security begins with an assessment of the devices that constitute your personal or family digital footprint. It’s a good idea to make a list of IoT devices in use, how they connect to the internet and what data they generate and share. All this will help you determine potential cybersecurity vulnerabilities.
Some devices, like Wi-Fi videocams and car navigation systems, have been subject to highly publicized hacks. But the full spectrum of potential vulnerabilities doesn’t always make the news.
Smart devices may collect data about your personal life, dwelling, habits or financial accounts, helping refine their performance and making them easier to use. But if the devices remain in public access mode, all this information may end up on the internet, where advertisers can harvest it to expand your consumer profile. This often results in an increase in unwanted pop-up ads as you browse the internet.
Cybercriminals also use personal information to launch social engineering campaigns. In doing so, they take information gathered about individuals and craft communications that look legitimate but are scams.
The risks associated with revealing personal information online demonstrate why it’s important to review any device’s security capabilities. Find out what data is collected, how it is protected and whether it is shared. Explore the product’s security and privacy settings to find out what data-generating features can — and should — be switched off. Also review the IoT device’s privacy settings to make sure you are not sending device information to unintended locations, such as your social media accounts.
If you’re purchasing new equipment like wireless routers and tablets, find out if they have the latest security features. It is also important to know whether those standards can be updated as the technology evolves. The best security can provide powerful encryption and protection against attacks designed to compromise user credentials.
9 best practices to help secure your IoT devices
These tips may help you safeguard your IoT devices and data, while also limiting your digital footprint:
1. Purchase IoT devices that offer ongoing security patches and long-term manufacturer support.
2. Create and maintain an inventory of home IoT devices and applications.
3. Review and manage the data that will be shared by each active IoT device.
4. Consider maintaining non-computer IoT devices on a separate network from your computers, tablets and phones.
5. Regularly update all device software. If available, turn on automatic updates and notifications for configuration changes.
6. Use your router’s network configuration tool to see what devices are attached and disconnect unknown or suspicious devices or connections.
7. Create strong passwords for devices and customize user and object names. Do not use default passwords. Enable multifactor authentication.
8. Create a Wi-Fi guest network.
9. Enable encryption on your router.
Stay connected, stay protected
To help keep your Bank of America account information safe and secure, make sure your contact information is up to date and set up security and account alerts so we can stay in touch. Remember, if we need to reach out to you, we’ll NEVER ask for personal or financial information or an access code through email, text or unsolicited calls. Visit our Security Center for tips on how to recognize potential scams and learn more about how to keep your accounts safe.
1 IOT Analytics, “State of IoT 2024: Number of connected IoT devices growing 13% to 18.8 billion globally,” September 3, 2024.
2 Verizon, “2024 Mobile Security Index,” August 2024.
Neither Bank of America nor its affiliates provide information security or information technology (IT) consulting services. This material is provided "as is,“ with no guarantee of completeness, accuracy, timeliness or of the results obtained from the use of this material, and without warranty of any kind, express or implied, including, but not limited to warranties of performance, quality and fitness for a particular purpose. This material should be regarded as general information on information security and IT considerations and is not intended to provide specific information security or IT advice nor is it any substitute for your own independent investigations. If you have questions regarding your particular IT system or information security concerns, please contact your IT or information security advisor.
