After you've setup your Internet of Things (IoT) devices, check out password options. Unfortunately, not all vendors will allow you to change default settings -- but where possible, you should do so as soon as possible. It takes only a quick search online to find lists and lists of default passwords for connected home devices, granting attackers a gateway into your home and a way to install backdoors on your network.
When you are able to change them, use strong and unique passwords. If you have trouble remembering passwords for different accounts, consider using a vault such as Lastpass.
When it comes to security, less is not more. You might be raring to go, but skipping security checks and thinking "I'll do it later," means you probably won't bother -- which may place your devices and yourself at risk.
Take ten minutes to see what security options your device offers -- whether it be password protection, user accounts or remote control options. Make sure they work for you.
The majority of IoT devices, by their very nature, require connection to a Wi-Fi network. If this network is not properly protected, you are granting attackers the keys to your connected kingdom. WPA2, one of the better security and encryption options commonly used, should always be enabled -- and once again, you should make sure your Wi-Fi is protected with a strong password. If you leave your Wi-Fi network open you may find not only that neighbors are jumping on, but they can access shared resources and discover what other devices are on the network.
Don't forget to disable guest access at the same time.
See also: Security practices from the experts
IoT device vendors need to catch up when it comes to keeping firmware up-to-date and protected against exploit.
Researchers are constantly finding vulnerabilities in the firmware of connected home devices, and while it may not be possible to prevent attacks on each device, updates are a critical component of patching up security flaws before they becoming exploited.
Whenever updates are made available -- usually sent as an alert through device applications -- make sure you update as quickly as possible.
It's not always possible, but wired connections are generally more secure than wireless, and so if you can connect your IoT devices in this way, do it. If you're relying on Wi-Fi and willing to put in the time, listing the MAC addresses -- which are device IDs, not just for Apple products -- of each connected device and granting IP assignment only to these devices can also prevent others from snooping around your home network. Remember, the network is the gateway to everything else, and it's up to us to secure this door as much as possible.
Ideally, placing devices on a separate home network would be best -- but in reality this is unlikely to happen.
If you're set to buy used or second-hand devices, keep in mind that you did not have control over the networks the device may have been connected to. These devices may have been tampered with and the firmware may be old. It's a risk to take them on, but if you must, limit used IoT devices to non-critical functions such as lighting -- rather than smart doors or anything which could compromise your home. There are tools out there for the security-minded to use, but in general, it's best to not use second-hand devices or otherwise, try to keep them on their own standalone home network.