IoT devices: Balance convenience with privacy & security

various device icons surrounding image of a cloud

Internet of Things (IoT) devices, such as smart home assistants, smart appliances, and gaming systems, can collect a lot of personal data about you—sometimes more than you might realize. Personal data about you and others who use and share such devices may be retained, used, and sold in unexpected ways.

IoT devices usually send data to cloud storage managed by the device manufacturer. That can leave your data vulnerable to exposure in the event of data breaches affecting the manufacturer or others they may share your data with.

Many of us enjoy using IoT devices. They are popular, fun, and convenient, but they also bring privacy and security risk.

Follow basic privacy and security best practices to help minimize risks and take some control over how much and which data your devices collect and store:

  • Change the default password for the device.
  • Set a unique password for each device.
  • Disable features you don’t use.
  • Change default “wake up” words if you choose to use voice activation.
  • Choose privacy settings for yourself; don’t accept the defaults.
  • Delete or erase stored recordings on a regular basis.
  • Turn off voice purchasing, or set a purchase password to prevent inadvertent or unauthorized purchases.
  • Keep the device software up-to-date.
  • Use two-factor authentication for connected service accounts (such as Google or Amazon) whenever it is available.

See Secure Your Internet of Things Devices on Safe Computing for more best practices and links to privacy settings help information for popular smart speakers.

Author: Matt Ranville, Information Assurance

You can contact Matt at