Free Tool · CISA · NIST SP 800-213

Secure Every Device on Your Network

Cameras, routers, printers, POS terminals — every internet-connected device is a potential entry point for attackers. Check yours, get an action plan, and find firmware updates.

Select the devices your business uses — get a risk score + AI action plan
What counts as an IoT device? Any internet-connected device that isn't a computer or phone — cameras, DVRs, printers, smart TVs, thermostats, door locks, POS terminals, routers. Each has a default password that attackers know. Andrew checks every device during a free on-site assessment.
📷 Cameras & Surveillance
📷 IP Security Camera · Critical Risk
📼 DVR / NVR System · Critical Risk
🔔 Doorbell Camera · High Risk

🌐 Network Equipment
📡 WiFi Router / Modem · Critical Risk
🔀 Network Switch · High Risk
📶 Wireless Access Point · High Risk

🖨️ Office Equipment
🖨️ Network Printer / MFP · High Risk
📺 Smart TV / Display · Medium Risk
☎️ VoIP Phone System · Medium Risk

🔒 Access & Physical Security
🔐 Smart Door Lock · High Risk
🚨 Alarm / Security Panel · High Risk
🌡️ Smart Thermostat · Medium Risk

💳 Payments & Storage
💳 POS Terminal / Card Reader · Critical Risk
🏪 Networked Cash Register · High Risk
💾 NAS / Network Storage · High Risk
Source: CISA KEV · NIST SP 800-213
Priority-ordered — start at step 1 and work down
These are the top actions recommended by CISA and NIST for securing IoT devices. Steps 1–3 are the most impactful — if you only do three things, do those. Andrew can walk through all of these with you at no cost.
1. Change Every Default Password Immediately
Critical · Today
Every IoT device ships with a default password — "admin," "12345," "password," or the serial number. Attackers have published these online and scan for them constantly. Change every device password to a unique strong password. Use Bitwarden (free) to store them.
2. Update Firmware on All Devices
Critical · This Week
Log into each device's admin page, find the firmware update section, and apply any updates. Hikvision, Dahua, and D-Link cameras appear constantly in the CISA Known Exploited Vulnerabilities catalog — most attacks succeed because firmware wasn't updated. Use the Firmware tab for direct update links.
3. Put IoT Devices on a Separate Network (VLAN)
Critical · This Month
This is the single most effective thing you can do. If your cameras, printers, and smart TV share a network with your computers and POS, a hacked camera can attack your financial data. A separate IoT VLAN means a compromised device stays isolated. See the diagram below.
4. Disable Remote Access You Don't Use
High · This Month
Many IoT devices enable remote access by default. Unless you need to access a device remotely, disable UPnP, remote management, and unused ports in your router settings.
5. Enable Automatic Updates Where Available
Medium · Ongoing
For devices that support auto-updates, enable them. For devices requiring manual updates, set a monthly calendar reminder. The most common IoT attacks exploit vulnerabilities with patches that have been available for months.
Visual: Before & After network segmentation
⚠️ BEFORE — One Flat Network
Router / Modem
↓ everything shares one network ↓
Single Network — Everything Mixed
💻 Computers & laptops
💳 POS terminal & card reader
📷 Security cameras & DVR
🖨️ Network printer & smart TV
📱 Employee & guest phones
🌡️ Smart thermostat
❌ Hacked camera can reach POS
❌ Guest WiFi sees your computers
❌ One breach spreads everywhere
✅ AFTER — Segmented Network
Router / Firewall
↓ each zone is isolated ↓
Business Network (VLAN 1)
💻 Computers · servers · laptops
Payment Network (VLAN 2)
💳 POS terminals · card readers
IoT Network (VLAN 3)
📷 Cameras · 🖨️ Printer · 📺 TV · 🌡️ Thermostat
Guest WiFi (VLAN 4)
📱 Customer phones · visitor devices
✅ Hacked camera cannot reach POS
✅ Guest WiFi cannot see computers
✅ Breach stays contained to one zone
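One way to confirm that the segmentation shown above actually holds, as an added example that is not part of the original page: run this from a device on the IoT VLAN and check that hosts in the other zones do not answer. The zone addresses and ports are constructed placeholders and must be replaced with real ones.

```python
import socket

# Constructed placeholders: replace with one real host and open port per zone.
OTHER_ZONES = {
    "Business (VLAN 1)": ("192.0.2.10", 445),
    "Payment (VLAN 2)": ("192.0.2.20", 443),
    "Guest WiFi (VLAN 4)": ("192.0.2.40", 80),
}


def reachable(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable: all count as blocked
        return False


def segmentation_leaks(targets, timeout=2.0):
    """Return the zone names that answered and are therefore NOT isolated."""
    return sorted(zone for zone, (host, port) in targets.items()
                  if reachable(host, port, timeout))


if __name__ == "__main__":
    leaks = segmentation_leaks(OTHER_ZONES)
    for zone in OTHER_ZONES:
        print(("LEAK     " if zone in leaks else "isolated ") + zone)
    # Non-zero exit code so a scheduled run can flag a broken firewall rule.
    raise SystemExit(1 if leaks else 0)
```

A "blocked" result only proves isolation if the target port is known to be open from inside its own zone, so pick a service you have confirmed is listening.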
Q: Can my current router do this?
Business-grade routers support VLANs — Ubiquiti UniFi, Cisco Meraki, Netgear Business, TP-Link Omada. Basic consumer routers often support a "Guest Network" which provides partial separation. Andrew can assess your current equipment during a free visit.
Q: How much does this cost?
If you already have business-grade equipment, it's free — just settings changes. If you need new equipment, a Ubiquiti UniFi setup starts around $200–$400 and supports full segmentation.
Direct links to firmware update pages — check your device monthly
How to update firmware: Log into your device's admin page (usually 192.168.1.1), find Settings → Firmware or System → Update, and apply any available updates. Or visit the manufacturer's page below and search your model number.
Hikvision (Cameras & DVRs): Firmware ↗ · Security Advisories ↗ · Frequent CISA KEV entries
Dahua (Cameras & NVRs): Firmware ↗ · Security Notices ↗ · Multiple critical CVEs
Netgear (Routers & Switches): Firmware ↗ · Security Advisories ↗
Ubiquiti (APs & Routers): UniFi Downloads ↗ · Change default ubnt/ubnt
Zyxel (Firewalls & Routers): Firmware ↗ · CVE-2023-28771 on CISA KEV
SonicWall (Firewalls & VPN): Firmware ↗ · PSIRT ↗
Fortinet (Firewalls & VPN): Firmware ↗ · PSIRT ↗ · CVE-2024-21762 — patch urgently
Cisco Small Biz (Routers & Switches): Downloads ↗
QNAP (NAS Storage): Firmware ↗ · CVE-2022-27596 — update now
HP (Printers & MFPs): Firmware ↗
Ring / Amazon (Doorbell & Cameras): App & Updates ↗ · Enable 2-Step Verification
Can't find your device? Search NIST NVD for your brand and model. Check CISA KEV to see if it's actively exploited.
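The KEV check described above can be run against a whole device inventory at once. This is an added example, not part of the original page: it matches each device's brand against entries laid out like CISA's KEV JSON feed. The catalog and inventory below are constructed samples; only the Zyxel CVE id comes from this page.

```python
import json
from collections import defaultdict

# Constructed sample in the layout of CISA's KEV JSON feed. Only the Zyxel CVE id
# comes from the page; every other value here is a made-up placeholder.
SAMPLE_KEV = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2023-28771", "vendorProject": "Zyxel",
   "product": "placeholder firewall", "dateAdded": "2000-01-02"},
  {"cveID": "CVE-0000-00001", "vendorProject": "ExampleCam",
   "product": "placeholder camera", "dateAdded": "2000-01-03"},
  {"cveID": "CVE-0000-00002", "vendorProject": "ExampleCam",
   "product": "placeholder NVR", "dateAdded": "2000-01-01"}
]}
""")

# Constructed inventory: what the business owns, by brand.
INVENTORY = [
    {"device": "Office firewall", "vendor": "zyxel"},
    {"device": "Lobby camera", "vendor": "ExampleCam "},
    {"device": "Front-desk printer", "vendor": "ExamplePrint"},
]


def kev_by_vendor(catalog):
    """Index KEV entries by lower-cased, trimmed vendor name."""
    index = defaultdict(list)
    for entry in catalog.get("vulnerabilities", []):
        index[entry["vendorProject"].strip().lower()].append(entry)
    return index


def inventory_hits(inventory, catalog):
    """Map each device to its vendor's KEV CVE ids, newest dateAdded first."""
    index = kev_by_vendor(catalog)
    report = {}
    for item in inventory:
        entries = index.get(item["vendor"].strip().lower(), [])
        entries = sorted(entries, key=lambda e: e["dateAdded"], reverse=True)
        report[item["device"]] = [e["cveID"] for e in entries]
    return report


if __name__ == "__main__":
    for device, cves in inventory_hits(INVENTORY, SAMPLE_KEV).items():
        print(f"{device}: {', '.join(cves) or 'no KEV entries for this vendor'}")
```

A vendor match is only a prompt to look closer: confirm the listed product and firmware version against the actual device before treating it as affected.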
Warning signs your IoT device has been compromised
Camera / DVR: Camera moving on its own · credentials changed · footage missing · unknown logins in access log
Router / Network: Unusually slow internet · unknown devices on network · admin password no longer works
Printer / MFP: Print jobs you didn't send · configuration changed · connecting to unknown IP addresses
General IoT: Device running hot · LED lights behaving strangely · device rebooting unexpectedly · antivirus alerts
If you're hacked — immediate response steps
Step 1 · Immediately
Disconnect the Device from Your Network
Unplug the network cable or disable WiFi. Do not power it off — this destroys forensic evidence. Disconnecting stops attacker access while preserving data.
Step 2 · Immediately
Change All Passwords — From a Clean Device
Use your phone or a computer NOT on the compromised network. Change passwords on email, banking, cloud services, and other IoT devices.
Step 3 · Within 24 Hours
Factory Reset Before Reconnecting
Hold the reset button 10–30 seconds. After reset: immediately change default username and password, update firmware before reconnecting, and disable unused remote access.
Step 4 · Within 24 Hours
Report to CISA and FBI IC3
Report to CISA (cisa.gov/report) and FBI IC3 (ic3.gov). If customer data was exposed, PA data breach law may require notification. Contact Swamp Fox Cyber Defense for guidance.
Step 5 · Within One Week
Audit All Other Devices on Your Network
If one device was compromised, others sharing the same default password may be too. This is exactly what Andrew's free assessment covers — every device, plain-English report. Book here.
Source: CISA SMB Guidance · NIST SP 800-61 · FBI IC3

Want This Done For You?

Andrew Wellman, CISSP, comes to your Chambersburg or Franklin County business, checks every device, and delivers a written report at no cost.

Book Your Free Assessment
No cost · No obligation · CISSP · SecurityX · GIAC GRID