Home News Events Press Releases OTA Releases Consumer IoT Checklist

OTA Releases Consumer IoT Checklist

Recommendations for consumers to help increase the security, privacy, and safety of their connected devices released in support of National Cybersecurity Awareness Month

Tue, Oct 4, 2016

BELLEVUE, Wash. – In support of National Cybersecurity Awareness Month, the non-profit with the mission to enhance online trust the Online Trust Alliance (OTA) today released the OTA Consumer IoT Security & Privacy Checklist. The checklist contains steps consumers can take to help increase the security, privacy and safety of their connected home and wearable technologies, which are also referred to as Internet of Things (IoT) devices.  Download The Check List 

OTA recommends consumers utilize this checklist to regularly reassess their security and privacy settings on their IoT devices. Not unlike changing the batteries on a smoke detector once a year, consumers should tune up and optimize IoT device settings regularly. While many people cite safety as a top reason for buying smart devices and homes, conclusive research shows that security and privacy concerns are the biggest barriers to IoT adoption. OTA hopes that by having consumers play an active role in their smart device’s security and privacy, it will not only increase the security and privacy of those devices but also boost consumer confidence in them.

“In this increasingly complex world of connected devices, consumers cannot take it for granted that their devices remain safe, secure and private year after year,” said Craig Spiezle, Executive Director Online Trust Alliance.  “As people acquire more devices, the long term risks to their family and community rise exponentially.”

“Millions of consumers are the victims of identity theft and online scams each year, and many may not realize that the smart devices that make their lives easier can also make them more vulnerable,” said Bob Ferguson, Washington State Attorney General. “OTA’s recommendations are an important step toward helping people protect their privacy and personal safety.”

From connected home to health and fitness devices, consumers are realizing significant benefits from the Internet of Things, but the devices’ growing complexity and popularity make them difficult to manage. As devices age and become unsupported, many risk becoming insecure while still collecting and potentially sharing vast amounts of personal data. Below are OTA’s consumer security and privacy recommendations:

  1. Inventory all devices within your home and workplace that are connected to the Internet and network. Router reports can help determine what devices are connected to your network. Disable unknown and unused devices.
  2. Contact your Internet Service Provider (ISP) to update routers and modems to the latest security standards. Change your router service set identifier (SSID) to a name which does not identify you, your family or the device.
  3. Check that contact information for all of your devices are up-to-date including an email address regularly used to receive security updates and related notifications.
  4. Confirm devices and their mobile applications are set for automatic updating to help maximize protection. Review their sites for the latest firmware patches.
  5. Review all passwords creating unique passwords and user names for administrative accounts and avoid using the same password for multiple devices. Delete guest codes no longer used. Where possible implement multi-factor authentication to reduce the risk of your accounts being taken over. Such protection helps verify who is trying to access your account—not just someone with your password.
  6. Review the privacy policies and practices of your devices, including data collection and sharing with third parties. Your settings can be inadvertently changed during updates. Reset as appropriate to reflect your preferences.
  7. Review devices' warranty and support policies. If they are no longer supported with patches and updates, disable the device’s connectivity or discontinue usage of the device.
  8. Before discarding, returning or selling any device, remove any personal data and reset it to factory settings. Disable the associated online account and delete data.
  9. Review privacy settings on your mobile phone(s) including location tracking, cookies, contact sharing, bluetooth, microphone and other settings. Set all your device and applications to prompt you before turning on and sharing and data.
  10. Back up your files including personal documents and photographs to storage devices that are not permanently connected to the Internet.

“As millions of cars, apps and household devices connect to the Internet, we need to discuss the privacy implications and resolve key questions about data ownership and management,” said Washington State Chief Privacy Officer, Alex Alben. “For the IoT to thrive in the long term, consumers will have to trust that their data and concerns about personal privacy are addressed, and OTA’s recommendations are a positive step to accomplishing this.”

“In today’s ever connected world BBB believes it is not only vital, but ethical for businesses and organizations to safeguard their intellectual property, financial information and customer data,” said Tyler Andrew, Better Business Bureau serving the Northwest CEO. “Recommendations, like those provided by the Online Trust Alliance, are imperative for the protection of consumer and company information.”

Nearly 100 organizations including private businesses, consumer and privacy advocates, international testing organizations, academic institutions, and U.S. governmental and law enforcement agencies contributed to the development of the OTA Consumer IoT Security & Privacy Checklist. These organizations also helped develop the OTA IoT Trust Framework, a set of principles providing guidance to device manufacturers and application developers.

About OTA: 

The Online Trust Alliance (OTA) is a non-profit with the mission to enhance online trust and user empowerment while promoting innovation and the vitality of the Internet. Its goal is to help educate businesses, policy makers and stakeholders while developing and advancing best practices and tools to enhance the protection of users' security, privacy and identity. OTA supports collaborative public-private partnerships, benchmark reporting, and meaningful self-regulation and data stewardship. Its members and supporters include leaders spanning the public policy, technology, ecommerce, social networking, mobile, email and interactive marketing, financial, service provider, government agency and industry organization sectors.