Enhancing IoT Security: 3 Simple Steps
By Kwang Edeker - January 15, 2019
“These things are good things!” said The Cat In The Hat, releasing Thing 1 and Thing 2 from their box. Sally and her brother weren’t prepared for the mess those Things made of their home on that cold, rainy day.
Do you know the potential that smart devices, wearables, thermostats, doorbells, and webcams have to disrupt your business and your bottom line? Do you have the time, money, and resources to lock your Things back up in their box and get to cleaning the mess, like The Cat In The Hat? No. You’re using your “things.” You want them, need them, and (like it or not) you’ll be getting more.
What is The Internet of Things (IoT)?
A simple definition of the IoT is: anything that connects to the internet that collects and shares data (minus computers, phones, routers, tablets etc.). IoT devices have changed how we live and work. The consumer market is full of them. Big Business and Industry have them in the form of intelligent transport systems, smart electric grids, and data-driven systems built into the infrastructure of our cities.
According to SAS, “The IoT is more than just a convenience for consumers. It offers new sources of data and business operating models that can boost productivity in a variety of industries.” Gartner estimates that by 2020, 20 billion devices will be connected worldwide, with 40% deployed in enterprise. Surprisingly, many of them lack basic IoT security features and that allows for the exploitation of vulnerable devices.
Have You Been Hacked? Probably.
Hackers know that IoT security is not the main concern of manufacturers. Unaddressed vulnerabilities create openings for cyber-attacks that install ransomware, malware, invade your privacy, and launch secondary attacks (DDoS) on other organizations. They are inside, watching and waiting for useful information to capitalize on.
Many small business owners don’t believe they’ll be hacked. Not true. One survey found that nearly 14 million small businesses in the United States have experienced a security breach. Why? Small businesses have data. IoT devices collect data, and some may offer backdoor access to your network. Data is a valuable commodity. IoT devices increase your data footprint and your security risk. So what can you do to mitigate your risk?
3 Simple Steps
- Choose a reputable vendor when purchasing IoT devices. Cost is a major factor in many purchasing decisions. Look for reputable vendors when choosing your IoT devices. They sometimes cost more, but their reputation depends on how well their product performs and the security it provides the end-user. Remember, you are also paying for peace of mind. Is a potential security risk worth the initial cost savings?
- Update default passwords. Many IoT devices have weak, non-existent, or publicly available default passwords. In fact, California recently passed a law (Senate Bill No. 327) banning the use of default passwords on IoT devices effective in 2020. Verify device-installed security measures and determine if you have the ability to update the existing password.
- Keep your software and firmware updated. Is it even updatable? If it is, some manufacturers push updates to their products as a background task, not fixing security holes until they have already been exploited. Others leave it up to the end-user. Check the documentation and/or the manufacturer website to see what end-user configurable options are available.
“Devices that cannot have their software, passwords, or firmware updated should never be implemented.”-PC Magazine
“These Things Are Good Things.” Right?
Strategic integration and deployment of IoT within your organization can lead to increased productivity, customer satisfaction, and overall cost savings. But as technology becomes more critical to your business, it can also become more complicated.
Take time to fully understand the capabilities and vulnerabilities of your IoT devices and manage your security risks. Whenever possible these devices should be behind your network’s firewall, enhancing your network security and reducing the chances of compromise. The internet contains a wealth of information to help guide your IoT implementation decisions, or consider partnering with a Managed IT Service Provider whose knowledge and expertise will save you time, money, and resources as your Internet of Things grows. After all, your business is worth it.