Smart home technologies provide a quick and simple solution for a range of tasks. But is this trade-off for a snap-of-the-fingers convenience creating a strain elsewhere?
Security vulnerabilities within some devices, or at least the way in which they are set up, may be keeping the door ajar, allowing access for cyber criminals.
In most cases, passwords are the first line of defence.
“Any sort of online service that you use, any web page, you should always use a 100 per cent random and unique password,” said Robert Covell, service manager with the Calgary-based ITeam. To keep track, he suggests using a password manager.
“If one of these (online) services is breached and they do manage to get your password, they have only gained access to that one service.”
Rather than setting a password, he recommends passphrases – a 25-to-30-character sentence.
“When it comes to a computer brute-forcing a password, it makes no difference to the computer if it’s a ‘3’ or an ‘e’ or an ‘a’ or an ‘@.’ All that we’ve done by making complex passwords is making passwords that are difficult to remember.”
Brute-force is a systematic approach to decrypting data.
“Every character you add will add exponentially to the time it takes to brute-force attack it,” says Covell.
When setting up a home Wi-Fi network, locking it with a password is a must, says Covell. He also recommends WPA2 or WPA3 encryption.
Covell has a “junk” email account, which he uses exclusively for registering for online services.
“It never ties back to my primary, day-to-day address,” he said.
“By doing that, they may gain access to one simple and inane service and try those credentials other places. If your Facebook account is the same as your Hotmail address, and the same as your online banking, you can be in for a world of hurt.”
For privacy protection, Shawna-Kay Thomas, external communications specialist for the Better Business Bureau, also suggests looking into how a company plans on using the information you share during registration and going forward.
To that end, when activating a smart device, stick to the company website.
“You may see ads pop up or a website that says you can active your device there,” said Thomas. “Then you’re giving the person behind that website your information when it’s not the legitimate site to activate your device.”
An indirect route to one’s personal details has come through voice-activated calls to businesses, which are available from some in-home smart technologies, says Thomas.
“There are fake websites out there that are mimicking legitimate contractors,” she said.
“Scammers have done unscrupulous things to get their ads bumped to the top of Google searches. When your voice is telling Google to call a particular contractor, it’s going to pull the first or most popular (result).
“That’s very risky because they’re having conversations with that fake business and may be passing on valuable information to that fake business.”
The lesson here is simple: find the company’s contact number by visiting its website directly.