A question we are getting asked more as Amazon Echo’s and Google Nest become the norm in homes and more recently appearing in offices, is are they safe?  And, can I make them more secure?

This is a little bit of a minefield because like so many things in life, not all smart devices are created equal and the level of risk will depend on the particular device. For example, a smart lightbulb could well be connected to the internet but the only personalised data it could record is when you turn it on or off and what color you might have set it to.  At the other end of the smart device spectrum is your smart speaker which is by its very definition always listening and logging everything you say, which could be a security concern.

Should I use a smart device at work?

As a rule, we would always advise to not use the ‘Smart Speaker’ style of device in either the office or even the home office.  This is because even though the manufacturers of them almost always tell you that voice recordings and usage are never saved, and if they are then it’s totally anonymised, this is a security risk that is out of your control.

For example, Anker’s Eufy line of home security cameras and other devices were found to not be encrypting video streams despite the company claiming they had been. This has since been fixed by Anker via over the air updates and changes to the Eufy ecosystem, but it doesn’t change the fact that it happened and highlights the potential risks of connected devices.

If I do need to use a smart device, can I make it more secure?

1. Change default passwords

This is a basic security principle, but it’s worth reiterating. Always change the default usernames and passwords on ALL smart devices (either to control the device itself, or to access an ‘app’ for the device). Default credentials are readily available online, making them easy targets for hackers. If the default password is used, a criminal could log into a smart device and use it to access a local network, or conduct cyberattacks.

UK law brought in in April 2024 should mean manufacturers must not supply devices that use default passwords, which can be easily discovered online, and shared. But we recommend you still always change to a separate and secure new password.

2. Install latest software and app updates

This is another basic security principle not reserved for smart devices. Applying updates promptly will protect smart devices from criminals and also adds new features, keeping devices working as they should.

3. Create a separate network and use Guest WiFi

The other precaution we would advise is that all devices that simply need internet access and have no need to be visible to your other home or office devices are put on a separate network.  Now as a home office user the best way to do this is to use the guest WiFi on your router.

Guest WiFi functionality varies by router, so consult your router’s manual for specifics. However, most guest networks create a separate Wi-Fi name (SSID) with its own password. This creates a Virtual Local Area Network (VLAN) that isolates the guest network from your main office network. Connect your smart devices to this guest network. They’ll have internet access but won’t be able to access any devices on your main network, enhancing overall security.

Next: Read more advice to keep your business secure