New research by the leading cybersecurity solution NordVPN shows that people in the US don’t take the security of their IoT devices seriously. Almost 89% of Americans have some kind of IoT device in their household. However, respondents in the US take very little action against the risks, with almost 1 in 5 taking no measures to protect the devices.
“As the research shows, the more devices people own, the more vulnerable they usually are. Manufacturers surely have to take responsibility for the safety of their products, but users play a big part in their own cybersecurity,” digital privacy expert at NordVPN Daniel Markuson comments.
The survey on IoT devices also showed what cybersecurity habits people in different countries lack, what smart devices they usually purchase, and who, in their opinion, should be responsible for keeping those devices protected.
What is the problem with IoT devices?
IoT devices, by their very nature, collect and send information. This might be done securely and for a specific purpose, such as an encrypted message to tell your heating to turn off. But it might also be leaky, either through bad encryption (or none at all) or through giving away extra information. For example, the internet-connected camera on your front door might let you know when a visitor is there, but, if someone else is watching, it could also reveal when the house is empty, or when children are home alone. In 2020, dozens of Amazon Rings were hacked resulting in a lawsuit against the company.
“IoT device makers are in a rush to sell the gadgets as quickly as possible. This means that they are shipping them out with the minimum features required for them to function, shortening the development process and cutting costs as much as possible. This is great for device makers, but horrible news for consumers. When things are rushed, they leave huge gaps in security,” Daniel Markuson adds.
User behavior is just one extra aspect of a potential security vulnerability in light of all the technical and structural issues. Still, there are often simple steps we can all take to improve the security of the devices and networks in our homes or offices.
Americans actively use IoT devices but don’t protect them enough
Overall, the vast majority of us have some kind of IoT or connected devices in our homes, even if it’s just a router. In fact, only 12.3% of the people surveyed did not have any of the listed devices. The US saw an active use of IoT devices, with only 11% of people saying they had none of the devices in their homes. But they also took very little action against the risks, with almost 1 in 5 taking no measures to protect them.
It’s not just people in the US who need to improve their habits. The UK showed worse results, with 19% of people with IoT devices taking no protective measures. People in the Netherlands and Canada had the best devices-to-behaviors ratio, although France scored well mostly by having much fewer devices (only 77%).
More information about the research results of other countries here.
What can be done to protect the privacy of IoT devices?
41% of users think that manufacturers should be responsible for the safety of the devices they produce, while 56% see it as their own responsibility. The research shows that the main vulnerabilities users are worried about are deprecation (76%), followed closely by privacy issues (75%) and design problems (particularly encryption) (75%).
Daniel Markuson provides some tips for all IoT device owners:
Look into the privacy issues associated with the devices you purchase. Review tech sites that dig into privacy and security issues or buy devices certified by organizations like ioXt.
Create sophisticated passwords. Use a secure password manager, like NordPass, in case you forget passwords easily.
Keep devices patched and up to date. Check if your devices update automatically, and, if not, make sure they are running the latest firmware.
Turn off features you don’t use. Having unused features running in the background opens up unnecessary vulnerabilities or privacy issues.
Install VPN on your router. VPNs can help prevent man-in-the-middle attacks by encrypting your traffic, covering many of the issues with poor encryption on IoT devices.
You will find more information on possible vulnerabilities and the ways to be protected on NordVPN’s research page.
We conducted the survey via CINT. A total of 7,000 people were surveyed, with 1,000 representatives from each of the following countries: Australia, Canada, France, Germany, the Netherlands, UK, and US. Participants formed representative samples across gender, age, family situation, and income levels. The questions revolved around which IoT devices people had in their homes, what measures they took to secure them, and whose responsibility they think it is to ensure the security of IoT devices. The survey results were cross-referenced with a new user-focused taxonomy of the main vulnerabilities IoT devices are exposed to. The timeline and taxonomy were generated through a review of the key literature on IoT security and vulnerabilities, as well as looking at press coverages of major attacks.
NordVPN is the world’s most advanced VPN service provider used by over 14 million internet users worldwide. NordVPN provides double VPN encryption, malware blocking, and Onion Over VPN. The product is very user-friendly, offers one of the best prices on the market, has over 5,000 servers in 60 countries worldwide, and is P2P-friendly. One of the key features of NordVPN is the zero-log policy. For more information: nordvpn.com.