National Network to End Domestic Violence provides suggestions, guidance and resources
The Internet of Things has introduced new cybersecurity threats to our homes and our lives. For victims of domestic violence, that danger can be profoundly invasive. Taking back their privacy can be a necessary step toward safety and sanity.
Unfortunately, internet connected device makers and service providers have often prioritized being first to market with fresh functionalities. Security-by-design has not been a priority.
The National Network to End Domestic Violence has created a Technology Safety Toolkit through a grant from the Department of Justice's Office, and a Technology Safety Plan guide for survivors of domestic violence.
Tips from the NNEDV
The NNEDV urges the following when trying to make your smart home safe again after domestic violence incidents:
- Trust your instincts. If it seems like an abuser knows too much about you, they could be monitoring devices, accessing online accounts, tracking your location, or gathering information about you online.
- Strategically plan around your tech. It’s often a natural reaction to want to throw away devices or close online accounts. Before removing a hidden camera that you’ve found or a GPS tracker think through how the abuser may respond and plan for your safety. Some survivors choose to use a safer device for certain interactions, but also keep using the monitored device as a way to collect evidence.
- Look for patterns. If the abusive person has hinted they are watching you, think about what they know. Do they only know what you are doing in a certain area of your home? If so, there may be a hidden camera in that room. Read more about Assessing for Technology Abuse.
- Document the incidents. Documenting a series of incidents can show police or the court a pattern of behavior that fits a legal definition of stalking or harassment. Documentation can also help you see if things are escalating, and help you with safety planning. For more information, check out Documentation Tips for Survivors.
- Report the incidents. You may also want to report the incidents to law enforcement or seek a protective order. If the harassing behavior is online, you can also report it to the website or app where the harassment is happening. If the behavior violates the platform’s terms of service, the content may be removed or the person may be banned. It’s important to recognize that reporting content may remove it completely so it should be documented prior to reports for evidence.
- Consider cameras and audio devices. If you suspect that you’re being monitored through cameras or audio recorders, it may be happening through hidden devices, gifts received from the abusive person, or even everyday devices like webcams, personal assistants (such as Google Home or Alexa), or security systems. If you’re concerned about hidden cameras, you may consider trying a camera detector, though some will locate only wireless cameras, not wired cameras, or vice versa. Everyday devices or gifts may be able to be secured by changing account settings or passwords. Built-in web cameras can be covered up with a piece of removable tape (although this only addresses the camera, not the spyware on the computer). Remember to consider making a safety plan and documenting evidence before removing devices or cutting off an abusive person’s access.
Internet of Things security tips from Avast
Avast offers connected home security products, resources, and guidance for securing your digital life and smart home. “It’s important to remember that making your connected home and family safe is an inventory and a process and a practice – just like the physical safety of your home,” said Deepali Garg, a senior data scientist at Avast who worked on the largest study ever of global IoT devices in real people’s homes. “You don’t lock your door once and forget it. You don’t turn on the flood light in the driveway once. These things become part of your routine. Cybersecurity is the same way. And you can’t do maintenance until you understand how things work.”
Understand your router. Wireless routers are perhaps the most fundamental piece of technology required for an internet-connected house. But once our connections are established, the router is often just part of the furniture; we don’t even think about it. Malware targeted specifically at routers increased throughout 2018, yet Avast research shows that 51% of people have never logged into their router’s administration page. Open your router settings page and ensure that the SSID (or Wireless Network Name) has a unique name. Change the default admin username and password for your router.
- Don’t let yourself be tracked. Do not post your whereabouts on social media. Provide tracking software on your kids’ phones, such as Avast Family Space, so you know where they are at all times.
- Change default passwords. This goes for any device that comes with a default password, not just your router. When given the option, always change the default password to something complicated. If two-factor authentication is available as well, enable it. And, use a Password Manager to make your life easier. Check out this post about best practices for passwords.
- Know your devices. It may be tempting to tear it out of the box and simply punch ON, but it’s imperative to look at every connected device as more than a gadget. Each one is a possible gateway for any hacker determined enough to find a way in.
Update ASAP always. Keep the firmware of your IoT devices updated with the latest versions and patches available. Remember, the cause for most of these updates is because a security flaw has been found and exploited in the previous version. You want to stop running that compromised version right away. Also when considering a new IoT device, take a look at its update process. Make sure it’s easy and straightforward and that you are notified when a new update is ready.