Smart home: connecting your home securely

The term "smart home" covers all the connected devices you use within your home. For example, these could be systems for opening and closing windows, doors and blinds automatically – known as home automation technology. But the smart home also includes household appliances such as refrigerators that keep you up to date on what is actually inside them or consumer electronics like smart TVs and connected speakers complete with digital voice assistants.

These systems can often be controlled from anywhere. A smart home can help you to save energy by automatically switching off the heating when a window opens, for instance. Some devices are designed solely for the user's convenience, such as those which let you switch your music or lights on and off via voice commands.

Lots of these IoT devices are connected to the Internet. And that means they are exposed to the same risks as other Internet-enabled devices, e.g. computers or smartphones. The following sections will explain how to enter the world of the smart home as safely as possible.

The latest software and security updates

Even before you buy an IoT device, you should check that the manufacturer will provide software updates for the whole of its typical expected lifespan. Find out whether and how updates are carried out for every device. In most cases, updates are performed automatically or manually via a corresponding app or the device's web interface. Wherever possible, enable automatic updates for your device so its security features will always be up to date.

IoT devices for which no updates are provided represent a security risk. Their vulnerabilities remain open and can be exploited, whilst errors in their software cannot be corrected. Attackers can therefore access the devices and potentially control them remotely. If security updates are no longer being supplied for your device, you should replace it.

Central firewall and router security

The firewall inside your router protects your home network from attacks performed over the Internet. Check whether your router has a built-in firewall and, if it does, enable it.

You should also protect your router by changing the preset password, installing available updates and making sure you are running the latest firmware.

You can enable the firewall and change the password in the router settings. Your router manual will tell you the router's address (often in the form of an IP address), which you call up from within your LAN or WLAN in order to access the router directly.

Do not use default passwords

Devices that are connected to the Internet but have no password protection, or are protected only by the preset default password, are a commonly used gateway for attackers. Such devices are particularly susceptible to having malware installed on them without authorisation. Infected devices may become part of a botnet, for example. This is a huge network of devices that an attacker can combine and use to perform various actions via remote control. In most cases, it is very difficult to tell whether a device is infected with malware. You should therefore make sure to set your own individual password the first time you connect an IoT device. Never give your passwords to anyone else.

What you should consider when creating a secure password:

  • You must be able to remember a password easily.
  • The longer the password, the better.
  • The password should be at least eight characters. At least 20 characters are recommended to protect a WLAN.
  • All available characters can usually be used in a password, i.e. upper-case and lower-case letters, numbers and special characters.
  • The full password should not be found in a dictionary. Common sequences of numbers or patterns of keyboard strokes are unsuitable for a secure password too.
  • It is not recommended to add single numbers or special characters to the start or end of an ordinary word.
  • A password manager can make it easier to handle different passwords.
  • If there is a two-factor authentication option, you can use it to add an extra layer of access protection to your device. As well as entering a password, users are asked for an additional factor in the form of a hardware component, for example, which acts as a key. This key could be a smartphone, a chip card or a special USB stick. A fingerprint or an SMS message sent by the provider and containing a one-time code can also serve as the second factor.
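
The checkable rules from the list above (minimum length, dictionary words, words with characters tacked on, number sequences and keyboard patterns) can be expressed as a small check. This is an added example, not part of the original page; the function names, the word list and the pattern list are constructed for illustration and are far from complete.

```python
import re

# Constructed sample word list; a real check would load a full dictionary file.
DICTIONARY = {"password", "sunshine", "football", "welcome", "internet"}

# Common number sequences and keyboard rows (constructed sample, not exhaustive).
PATTERNS = ("0123456789", "9876543210",
            "qwertyuiop", "qwertzuiop", "asdfghjkl", "zxcvbnm")


def _has_pattern(text, min_run=4):
    """True if text contains at least min_run consecutive characters of a pattern."""
    return any(pat[i:i + min_run] in text
               for pat in PATTERNS
               for i in range(len(pat) - min_run + 1))


def check_password(password, for_wlan=False):
    """Return a list of findings; an empty list means none of the rules was violated."""
    findings = []

    # At least 8 characters in general, at least 20 for a WLAN.
    minimum = 20 if for_wlan else 8
    if len(password) < minimum:
        findings.append(f"shorter than {minimum} characters")

    lowered = password.lower()

    # The full password should not be found in a dictionary.
    if lowered in DICTIONARY:
        findings.append("full password is a dictionary word")

    # An ordinary word with numbers or special characters at the start or end.
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    if core != lowered and core in DICTIONARY:
        findings.append("dictionary word with characters added at start or end")

    # Common sequences of numbers or patterns of keyboard strokes.
    if _has_pattern(lowered):
        findings.append("contains a common sequence or keyboard pattern")

    return findings
```

A password that returns no findings has only passed these mechanical rules; memorability and uniqueness per device still have to be judged by the user.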

Encrypted communications and local use

Make sure that your IoT devices are communicating sensitive information only in an encrypted format. If this is not the case, third parties could intercept and read this data. Before making your purchase, find out whether the device supports encrypted communications.

Only connect your smart home to the Internet if remote access is absolutely essential. In many cases, it is enough for you to access your IoT devices from within your home network only. Of course, the smartphone or computer you are using to control your IoT devices must also be integrated directly in your home network. Some smart home base stations give you the option to prohibit communication with the Internet. A device that cannot be accessed via the Internet represents a much lower risk. For blinds or lights, for example, you can save schedules and scenarios that allow your devices to be controlled without any Internet connection at all. So you can give the impression that someone is home even when you are on holiday.

If the UPnP (universal plug-and-play) setting is enabled on your router, you should disable it to prevent your IoT devices from communicating with the Internet in an uncontrolled way.

Set up a VPN

A virtual private network (VPN) is an incredibly secure connection between two points. It creates a tunnel from a smartphone, for example, to your home network or router through the public Internet.

What's special about a VPN is that the tunnel it creates has only one entrance and one exit, so no data can leak along the way. What's more, only devices that you have enabled can access your home network via the VPN. Modern routers have an option that lets you set up a simple VPN.

Separate home network

Network segmentation is already standard in industrial networks and can also be applied to home networks. With this approach, IoT devices run on a separate network, which is not connected to sensitive data or devices like your computer.

Many home routers have an option to set up a separate WLAN for integrating only IoT devices. This is kept logically separate from your home network and is therefore a simple way of running your IoT devices on a separate network. It does not make sense to move devices that need to access data in your home network to a separate network: your smart TV, for example, if you want to use it to access your media files that are stored in your network. Some routers do not offer network segmentation, but you can set up a guest WLAN instead and integrate your IoT devices into this network if you like. If you decide to go down this route, the guest WLAN should be used only for IoT devices and you should not give the login details to anyone else.

Physical security

Make sure that strangers cannot gain physical access to your devices. USB or LAN ports should not be easily accessible, since third parties can use these as a gateway into your network and your data.

Informed use of IoT devices

Find out how your device works, what data you are generating by using it and where that data is stored. This is an important starting point for you to use your IoT devices in an informed way.

The questions below will help you to better assess your device and the potential risks of using it:

  1. What sensors does the device have, e.g. a camera or microphone?
  2. What data is recorded and stored?
  3. Can you tell where the data is stored?
  4. Is this data sent to or shared with other applications?
  5. What are the potential risks of using the device and am I prepared to run those risks?

The answers to these questions will also help you to find a balance between convenience or functionality and security. Make an informed decision about whether you want to compromise on security so you can benefit from a particular functionality.