The IoT world is touching almost every aspect of our economy, from internet-connected virtual assistants to security systems. Business ecosystems are becoming increasingly dependent on the ease of communication offered by the IoT. This dependence is mainly because the IoT allows for automation and streamlining of time-consuming tasks.
However, the IoT opens businesses to cyber threats, and with the number of devices added each day to the IoT ecosystem, threats and attacks will continue to grow for data and infrastructure. In 2018, 21% of companies reported a data breach or cyberattack due to unsecured IoT devices, according to a study from the Ponemon Institute. Gartner predicted that by 2020, 25% of all cyber-attacks will be IoT based.
Some business owners don’t realize how vulnerable their devices are, but in most cases, companies simply aren’t doing what is necessary to secure their IoT devices. With the connectivity and data sharing across disparate systems, businesses must start securing their IoT ecosystems, or they’ll be risking privacy, security, and much more.
Let’s look at some things we should be considering when we use internet-enabled devices and systems.
Know and Understand the Devices You Have
The first thing your business should do is take an inventory to discover and account for all IoT devices that are connected to your network. An accurate inventory will give you a starting point for getting devices under control. This will give you clarity for managing devices that shouldn’t be connecting to your network or don’t have the right permissions and security settings.
In looking at all your connected devices, consider the potential privacy issues associated with them as well. Be sure to look at what kind of data is stored and transmitted by the device. It’s very important to find a way to inventory personal devices that people are using in conjunction with your network. If you have employees working remotely, this may be a hard task. Many of your employees’ devices increase your risks and are much harder to manage. You should adopt policies that will help prevent a future attack that could come from an employee’s personal device that is connecting into your network.
Creating an inventory can be easy if you’ve done it from the start or if you have a small company with a few connected devices. For larger companies, it may be necessary to invest in a comprehensive IoT discovery and monitoring software.
Once you have taken a full inventory, you should put together a scalable security strategy that will support all future IoT deployments.
Use Strong Passwords and Encrypt Everything
Many IoT devices come to you with default passwords, and because many people neglect to change the default, devices on your network become vulnerable to security threats. Strong passwords for every device connected to your network will add a line of defense by helping to prevent access to multiple devices.
Additionally, any data sent from a device to the cloud or from device-to-device needs protection through encryption and authentication. As a requirement, data should be encrypted, whether at rest or in transit.
Segment Your Network
Network segmentation is a way of segregating computer networks so that they are isolated from one another. By segmenting the network, companies can minimize the impact if one network segment is breached.For example, employee laptops need access to various business applications, but they don’t necessarily need to be connected to the same network as task-based IoT systems. By logically dividing the network, you can eliminate a lot of risks. If a hacker successfully breaches your network, segmentation ensures that they won’t get all your sensitive information.
Restrict Access to Sensitive Data
With devices all around us constantly collecting data and being made accessible remotely, would-be hackers have new abilities to measure and monitor individuals AND whole organizations. Many IoT devices, such as security cameras, record what is going on in an office. Other devices have access to and stream sensitive data.
As mentioned above, two key aspects organizations should require are network security and encryption of data. By putting these measures in place, you’ll be able to better protect your sensitive data. Each company will have different concerns, which is why it’s important to map out a plan that works for your organization.
Unsecure Devices
Before the IoT, companies mostly had to worry about software updates for content management systems, servers, and desktop computers. These days businesses must remember to update everything from connected copy machines to security cameras. Businesses are often bringing insecure IoT devices into their networks, and then failing to update software or apply security patches. An example of the vulnerability this creates would be a criminal that hacks into unsecured security cameras. The criminal could then use the camera as an access point to the rest of the company’s network.
It’s not uncommon to see devices that are five years old suddenly get hacked because the devices have never had an update. Some devices used in offices are old enough that the manufacturer is no longer providing updates for the software – or the manufacturer is no longer in business. When purchasing IoT devices, try to pinpoint manufacturers whom you believe will be around for years to come and have proven to update older products when there is an issue.
Don’t hesitate to reach out to SecureNet’s professionals if you have any questions.
Recent Comments