© Crown copyright 2018
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: firstname.lastname@example.org.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/smart-devices-using-them-safely-in-your-home/smart-devices-using-them-safely-in-your-home
Many everyday items are now connected to the internet: we explain how to use them safely.
Smart devices are the everyday items that connect to the internet. This can include both ‘hi-tech’ items (think smart speakers, fitness trackers and security cameras), and also household items (such as fridges, light bulbs and doorbells). Unlike conventional household items, you can’t just switch on a smart device and forget it; you’ll need to check a few simple things to protect yourself.
What is the risk from using Smart Devices?
Just like a smartphone, laptop or PC, smart devices can be hacked to leave your data and privacy at risk. Very rarely, devices have been controlled by somebody else managing the device - often to frighten the victim.
The National Cyber Security Centre (NCSC) and DCMS have developed a Code of Practice to clarify for manufacturers what they need to do to make (and keep) their products secure, and help to keep consumers safe. There’s also lots you can do to protect yourself.
Setting up your device
Before you buy, check reviews of the product and the manufacturer. For information about how to set up a specific device, refer to the manufacturer’s documentation, such as a manual or ‘getting started’ guide that came with the device, the manufacturer’s website (check the ’support’ area first) or within the app itself.
Some smart devices will work without being connected to the internet. Others may need an internet connection, a smartphone app, or for you to create an account. Again, check their website for details.
Check the default settings
Some devices may be insecure when they are first switched on, so you’ll need to take some quick steps to protect yourself.
If the device comes with a password that looks easily guessable (for example admin or 00000), change it
Easily guessable passwords can be discovered by cyber criminals, so make sure you choose a secure one
Managing your account
If the device or app offers Two Factor Authentication (2FA), turn it on. 2FA provides a way of ‘double checking’ that you really are the person you are claiming to be, and makes it much harder for criminals to access your online accounts, even if they know your password.
Some products can be controlled when you’re away from your home Wi-Fi, by creating an online account linked to your device. You can also often back up your settings and data, so you can recover them if you need to wipe your device. However, accessing your device like this can make it easier for other people online to access them without your permission, so make sure you have changed default passwords and enabled 2FA if available.
Keeping your device updated
As with your computers and smartphones, installing software updates promptly helps keep your devices secure. For each of your smart devices, you should:
- switch on the option to enable automatic updates, (if available)
- install any manual updates when prompted
- make sure your device’s operating system is up to date
If something goes wrong
If you’re aware of an incident e.g. in the media and you think your device is affected:
If you think someone has malicious control/access of a device in your home, you should perform a factory reset (see below).
Getting rid of your device
If you decide to sell or give you device to someone else, you should first perform a factory reset. This will return the device to its original settings, and should also remove all your personal data from the device. Check your manufacturer’s website if you need to find out how to perform a reset.