While they generate lurid headlines when they happen, baby monitor hacks are, in fact, rare. But they are illustrative of a growing trend: As parents invest in tech they believe will protect their families, the risk of hacking and security vulnerabilities goes up. The reason for that is simple. Our homes become ever smarter, with everything from lights to baby monitors that are WiFi-enabled, but our security hasn’t kept up. And the password on home networks is, too often, still the name of your first pet.
“Anything that is connected to the internet is an open window into your privacy. That’s why you should limit how many windows you open into your life,” says Daniel Eliot, the director of education and strategic initiatives at the National Cyber Security Alliance (NCSA).
But he also offers up a reality check. As far as baby monitor hacking goes, “I don’t think it’s very common. It gets a lot of press. It happens. It’s not a widespread problem but we can’t say it’s not probable,” says Eliot.
When it does happen, it can be jarring, to say the least. Theresa Payton, the former Chief Information Officer to President George W. Bush and the current CEO of Fortalice Solutions, has spent her career advising companies on issues of security.
“Parents have the assumption that these devices should just be secure,” the mother of three says. “The fact is that these are still so easy to get access to.”
Here are here best practice tips for keeping your baby monitor secure.
Review the Monitor’s Security Features Available and Use Them
Most of the top (translation: reputable) baby monitor brands list their security features on their sites. Read them. Understand them. “Once the monitor is in the home, before you start monitoring your children, set it up with 2-factor authentication,” says Eliot. “Change the manufacturer’s password to one that is long and unique. When there are software updates available, update your software.”
Register Your Device
If there are security vulnerabilities discovered after a product has been released to market, the manufacturer may issue a recall or a patch — but you won’t hear about either unless you’re in contact with the company. “You’ll want to get that notice right away,” Payton says, suggesting register your product immediately before it’s overlooked and forgotten.
Be Sure Your Baby Monitor Has an Encrypted Connection
“The main thing I want everyone looking for is whether or not the manufacturer offers an encrypted connection,” Payton says. She explains that all the password protection in the world won’t be helpful if there is a massive national data breach for that company or device. Encryption ensures that even if hackers get footage, they won’t be able to see the details of it.
Shut off Baby Monitors and Security Systems Regularly
Once a week, Payton recommends that parents power down their surveillance cameras and power them back up. This action allows the devices to grab security patches and updates, installing them to correct any weaknesses while increasing efficiency. “It lets it become the latest and greatest,” she says.
Assign Your Baby Monitor an Email
Just after the unboxing, Payton says to assign your device its own email address. This way, should a primary email be hacked, thieves won’t have access to the systems.
Create a Strong Password For Your Home Network
“If you take four random words and string them together, that often times is easier to remember and is still considered a strong password,” Payton says. “You will remember them better, but it’s not a sentence, it’s not your favorite sports team, and it’s something you’ve got a better shot remembering.” Back them up with any one of numerous great password managers.
Update Your Software and Firmware
Every brand issues system updates. Don’t ignore them. Install them. They’re updated for a reason, mostly to keep your data secure.
Set Up Personal Alerts
Payton recommends setting up a Google Alert for your baby monitor’s company and model. That way, you can quickly get information on any major issues with the device on a large scale. It’s a set-it-and-forget-it means of protection, but one that will keep you updated on any security risks that might exist,