There is a growing concern over the IoT and internet-connected toys for children. But are these smart toys really as scary as some might think?
That is up to you to decide for yourself and for your children. IoT toys are vulnerable, just like anything that can be connected to the internet, but you can minimize your risks by using best security practices!
If you are going to try out a smart toy for your child, make sure you’ve educated yourself about its capabilities, weaknesses, and flaws. Here are some good Dos and Don’ts for when you are setting the toy up and putting it into the hands of a child.
DO:Before purchasing, do your research. A quick Google search should yield any negative reviews or known issues with the toy you are considering for your child. Read through cybersecurity, customer and child advocacy, and consumer product reports to see if you will feel comfortable having this internet-connected toy in your home and being used by your children.
DON’T:Connect toys to unsecured or untrusted Wi-Fi. Don’t let your child take the toy anywhere it may have access to an uncontrolled internet connection. Use this as a teaching moment to show your child that the toy will only work when it is in range of your secure home router.
DO:Research the toy’s connectivity security default settings. When setting up the toy, use these at a minimum or set what works best for you and your family! Turn on authentication when the toy pairs with Bluetooth. Turn on Two-Factor Authentication, when available. Also, make sure data will be encrypted as it travels from the toy, to Wi-Fi access point and into the cloud.
DON’T:Neglect updating firmware for updates and software patches. Avoid security weaknesses that may allow cybercriminals access to an IoT toy by keeping it up to date. Regularly check with the toy’s developer so that you can be quick on the draw when there’s an update.
DO:Find out how and where personal data is being stored. It may be by the company and/or by a third party. Research their reputation for taking care of their users’ personal data and for their breach history.
DON’T:Ignore disclosures and privacy policies. It’s often daunting to even think about reading the fine print for any product, but when it comes to your child, you can never be too careful! Make sure you understand their policies: ill you be notified in the case of a cyber attack? Will you be notified in the case of security vulnerabilities? Where is collected data stored and who has access to it? Will you be notified of new disclosures or changes to policy? And is the company available to contact in the case of any complications, questions, or concerns?
DO:Supervise your child’s interactions with the toy. If there is an app for parents, keep track of any voice or video recordings the toy may store.
DON’T:Leave the toy on when no one is playing with it. You wouldn’t want it recording or videoing anything that it shouldn’t!
DO:Use a long and unique password! Use numbers, upper and lower-case letters, and special characters to keep a strong layer of security on the user account. Keep this secret, or use a password manager to help keep the password secure.
DON’T:Load the toy with too much personal information. Some toys have special features if birthdays or other information is included in your account. But remember, your child’s birthday can be used to access his or her personal information elsewhere. Rule of thumb: don’t enter any data you would feel uncomfortable giving away to a stranger.
Take this opportunity to teach your children how to safely use IoT toys. Properly playing with internet-connected toys can help children learn about cybersecurity. As they grow into using other internet-connected devices, they’ll be ahead of the curve!
Dos and Don’ts modeled after The FBI’s Consumer Notice for Internet-Connected Toys