Securing the things you connect to the internet

Connected or “smart” devices are fun and convenient — but they can gather and transmit sensitive information about your life and family. Here are steps you can take to maintain household security.


AS HOME AUTOMATION ENTHUSIASTS RUSH to connect digital devices — a video doorbell, a wireless home security kit, a set of Wi-Fi lightbulbs — they are helping build a new ecosystem of convenience, safety and efficiency. That ecosystem is the Internet of Things (IoT), the burgeoning global network of connected “smart” devices. By 2030, the IoT may comprise more than 29 billion internet-connected objects.1

For consumers, these devices already have elevated household conveniences and services to futuristic heights. Think sensor-based home-monitoring and communications systems, energy-efficient automated appliances, always-on virtual assistants and self-driving automobiles.

Each device connected to a network, however, is also an endpoint that criminals can exploit. And research shows they are doing just that: One 2022 survey found that 45% of companies had experienced a data breach caused by an unsecured mobile or IoT device in the past 12 months, up 22% from the previous year.2

But the problems are not just a function of cyber criminals and insecure devices. Many consumers don’t prioritize device security due to a lack of understanding of how risky an insecure device can truly be, and unwittingly open themselves to compromise.

For instance, smartphone users often grant broad access to their device’s location services, camera, microphone, contacts and calendar — without knowing whether these permissions are legitimate and how the data they generate will be secured. By providing this access, users may unintentionally open access to additional data on the device, including sensitive information like system credentials, credit card numbers and contact information for colleagues, clients, friends and family.

Title reads- Common household IoT devices. Text reads- 1. Internet router (illustration of a router) 2. Home computer (illustration of a woman working on a laptop at her home) 3. Connected thermostat or climate control (illustration of a thermostat) 4. Security system (illustration of a home security system) 5. Mobile devices (illustration of a smartphone) 6. Wearables (illustration of a smartwatch) 7. Entertainment devices (illustration of a smart TV and remote)

Title reads- Common household IoT devices. Text reads- 1. Internet router (illustration of a router) 2. Home computer (illustration of a woman working on a laptop at her home) 3. Connected thermostat or climate control (illustration of a thermostat) 4. Security system (illustration of a home security system) 5. Mobile devices (illustration of a smartphone) 6. Wearables (illustration of a smartwatch) 7. Entertainment devices (illustration of a smart TV and remote)

Simple ways to protect your home and its devices

Smart security begins with an assessment of the devices that constitute your personal or family digital footprint. It’s a good idea to make a list of IoT devices in use, how they connect to the internet and what data they generate and share. All this will help you determine potential cyber security vulnerabilities.

Some devices, like Wi-Fi videocams and car navigation systems, have been subject to highly publicized hacks. But the full spectrum of potential vulnerabilities doesn’t always make the news.

Smart devices may collect data about your personal life, dwelling, habits or financial accounts, helping refine their performance and making them easier to use. But if the devices remain in public access mode, all this information may end up on the internet, where advertisers can harvest it to expand your consumer profile. This often results in an increase in unwanted pop-up ads as you browse the internet.

Cyber criminals also use personal information to launch social engineering campaigns, in which they use information gathered about individuals to craft communications that look legitimate but are actually scams.

The risks associated with revealing personal information online demonstrate why it’s important to review any device’s security capabilities. Find out what data is collected, how it is protected and what sharing lists are selected. Explore the product’s security and privacy settings to find out what data-generating features can — and should — be switched off. Also review the IoT device’s privacy settings to make sure you are not unintentionally sending device information to unintended locations, such as your social media accounts.

If you’re purchasing more robust equipment like wireless routers and tablets, find out if the latest security features are included. It is also important to know whether or not those standards can be updated as the technology evolves. The best security can provide powerful encryption and protection against attacks designed to compromise user credentials.

9 best practices to help secure your IoT devices

These tips may help you safeguard your IoT devices and data, while also limiting your digital footprint:

1. Purchase IoT devices that offer ongoing security patches and long-term manufacturer support.

2. Create and maintain an inventory of home IoT devices and applications.

3. Review and manage the data that will be shared by each active IoT device.

4. Consider maintaining IoT devices on a separate network from your computers, tablets and phones.

5. Regularly update all device software. If available, turn on automatic updates and notifications for configuration changes.

6. Use your router’s network configuration tool to see what devices are attached and disconnect unknown or suspicious devices or connections.

7. Create strong passwords for devices and customize user and object names. Do not use default passwords.

8. Create a Wi-Fi guest network.

9. Enable encryption on your router. 


Stay connected, stay protected

To help keep your Merrill account information safe and secure, make sure your contact information is up to date and set up security and account alerts so we can stay in touch. Remember, if we need to reach out to you, we’ll NEVER ask for personal or financial information or an access code through email, text or unsolicited calls. Visit our Security Center for tips on how to recognize potential scams and learn more about how to keep your accounts safe.

A private wealth advisor can help you get started.

Our advisors can help you follow your passions, build a legacy and have a positive impact on others.





1 Transforma Insights, “Global IoT Connections to hit 29.4 billion in 2030,” July 25, 2022.

2 Verizon, Mobile Security Index 2002, August 2022.

Neither Bank of America nor its affiliates provide information security or information technology (IT) consulting services. This material is provided "as is,“ with no guarantee of completeness, accuracy, timeliness or of the results obtained from the use of this material, and without warranty of any kind, express or implied, including, but not limited to warranties of performance, quality and fitness for a particular purpose. This material should be regarded as general information on information security and IT considerations and is not intended to provide specific information security or IT advice nor is it any substitute for your own independent investigations. If you have questions regarding your particular IT system or information security concerns, please contact your IT or information security advisor.