A Guide to Protecting Your IoT Devices From Online Hackers

By Caitlyn Eltzholtz, Operations Manager at XPAN Law Group

The Internet of Things

As a millennial, my smartphone is virtually glued to my hand.  I will admit: I do not leave a room without bringing my phone with me, let alone leave the house without it.  In addition to our everyday devices such as smartphones, tablets, laptops, etc., the 21st century has introduced the wonderful, and yet sometimes terrifying,  Internet of Things (IoT).  The IoT includes everyday objects such as watches, kitchen appliances, audio speaker systems, cars, and even baby monitors that can be connected to the internet.

Theoretically, being able to connect phones, computers, and everyday objects to the internet is AWESOME and seemingly practical.  Need to quickly add a specific item to your grocery list? Ask Alexa. Going out? Input your destination into your vehicle’s GPS system, and you are on your way.  Quick and easy, right? But, what is going on behind the scenes? With new technology comes new ways and tactics for hackers to penetrate devices.

The Dangers of Hackers Penetrating Your Systems and Devices at Home

The many instances of online hacking are nothing short of horror stories.  Online hackers have been known to penetrate systems and leave with personal information such as credit card and social security numbers, but the recent rise of everyday devices having the ability to connect to the internet have generated even more significant threats. Between people hacking children’s baby monitors, security cameras, and even heating and air conditioning systems, these threats seem endless.  Luckily, with a bit of due diligence and research (in my case, having a small army of impressive cybersecurity and data privacy attorneys in my day-to-day life does the job), you will be on your way to a more secure system in no time.

Simple Steps to Protect Your Systems and Devices from Cyber Hackers

First things first: Secure your router.  Your WiFi network is only as secure as you make it, and once that is penetrated, you can consider all of your connected devices in addition to your wireless router to be breached.  Change the name of your router, change the password required to login to your WiFi, and turn on your system’s security features.

By default, the protection on your wireless router is minimal.  Many people are unaware that a simple phone call to your provider can upgrade the encryption of your system free of charge.  Your devices are only as secure as the networks they are connected to. With that being said, do not forget that this does not only apply to your network at home.  Think twice before connecting to public WiFi networks such as Starbucks, libraries, and hotels because it is just as simple for hackers to get into these networks as it is for you to connect to them.

Once your wireless router is secured, keep your router, in addition to any and all of your devices, secure with strong passwords and password protectors.  Using the word “password” to protect a device or account is not exactly what the cybersecurity and data privacy experts would consider secure.  

In addition to using long phrases to create your passwords, do not recycle your password for multiple accounts.  I know what you’re thinking: “How am I supposed to remember passwords for all 50 of my various accounts?”  Use a password manager, such as 1Password, for all of your usernames and passwords.  Password managers use powerful encryption as well as secret codes or keys that are necessary to be able to log into your account on top of your standard required username and password.  Not only will a good password manager allow you to increase the effectiveness of your passwords, but you can say goodbye to constantly forgetting and having to reset that password you created a year ago- Secure AND convenient.  

Due Diligence

Another simple way to protect yourself and your system is to do your research.  Before using a device or downloading any of the numerous applications available for purchase for these devices, always read the Privacy Policy and the Terms of Service provided by the company, and know what to look for while doing so.  Some key questions you should be looking to get answered in order to protect yourself from a data breach include:

  1. What type of security measures are required to be able to log into the device or application?  For example, do you need to answer security questions or input a code given by a multi factor authentication system?
  2. What type of data will you be inputting into the device’s system, and what does the company responsible for that device have the rights to do with your information?
  3. Geographically, where will your personal data be stored?
  4. What is the company’s protocol for notifying customers and users of a data breach?

Knowing what to look for while doing the research is just as important as doing the research itself.  


Devices that are considered IoT are now a part of the everyday lives of most people.  They have been created to make day-to-day life much easier, more convenient, and more fun.  While the downside is that they come full of cybersecurity and data privacy threats, the good news is that there are easy steps that anyone can take to limit some of the risks and protect themselves and their personal information.  Take the time to protect your data, and frankly you, by securing your system, being conscious of what networks you are making your device available to, using strong passwords, and doing your research. While these examples are by no means the only ways to protect your IoT devices, it is a good start.  As the Co-Founder of XPAN, Rebecca Rakoski, likes to remind us, “luck favors the prepared.”


Nothing contained in this blog should be construed as creating an attorney-client relationship or providing legal advice of any kind.  If you have a legal issue regarding cybersecurity, domestic or international data privacy, or electronic discovery, you should consult a licensed attorney in your jurisdiction.