In the early days of the internet, you only connected computers to the world wide web, with actual physical wires, not over wifi networks. With the advent of wireless technology, we all connect countless devices to the internet, from computers to tablets to cell phones to thermostats and even light bulbs. Each connection is a security risk. Here’sHere’s what you need to know.
What is IoT?
IoT stands for the “Internet of Things.” What are those things, exactly? They’reThey’re all the connected devices we use every day. Essentially everything “smart” — smartphones, smartwatches, thermostats, TVs, tablets, security systems, voice controllers, and speakers provide just a starting list.
These IoT devices and more have become central to our daily lives and the running of our businesses. We get it; each IoT device brings another layer of convenience into our modern lives. With that convenience, however, comes new security issues.
What are the security risks and threats associated with IoT?
One survey found that 84% of organizations have IoT devices on their networks, and more than 50% of those say they don’t maintain necessary security measures, making them vulnerable to attack.
Attacks on IoT devices can impact the devices themselves and everything else on the connected network. This far-reaching effect across the IoT ecosystem brings disastrous consequences.
Increasing IoT attacks
Cyber-attacks continue to rise, and part of that escalation has to do with smart devices, which are prone to be hijacked and infected with DDoS (distributed-denial-of-service) attacks. These devices, once infected, can be used to infect other machines that they connect with through the network.
Increased online exposure
Any internet-connected device is vulnerable to exposure and theft of personal and security information stored on the device. Most users are unaware of the sheer amount of personal data stored on their devices and in the cloud via applications they use on a daily basis.
Most IoT devices don’t have built-in security, leaving them open to attacks. Part of this has to do with the short development cycle of these devices. Layer in the vulnerabilities existing in mobile applications, and hackers find themselves in a playground ripe for attacks.
Malware and ransomware
Even though these attacks are more common via desktop or laptop computers, they can come through other devices. Malware often infects IoT botnets (a network of devices connected to the IoT, like routers). The botnet is an excellent opportunity for opportunistic malicious actors who seek to hit as many devices as possible.
Mismanagement of devices or unapproved devices
Weak passwords, poor password hygiene, lack of cyber security awareness, et cetera, can compromise these devices and your network security. IoT deployment often takes place outside the realm of knowledge of an organization’s IT department, primarily when employees use the company network to connect their personal devices.
How can you keep your IoT secure?
Without the necessary security measures, any IoT is at risk of breach or compromise. Here are a few actions that can help bolster security.
Provide staff with comprehensive Security Awareness Training
Users are the number one vulnerability in any network, regardless of intelligence or intent. Because cyber security is a constantly-changing landscape, it is crucial to keep your staff up to date on cyber security best practices.
Appoint an administrator of IoT
Assign a single point person (or a team) to monitor exposures and ensure security for both in-office and remote workers. This role will understand the different networking protocols IoT devices use to communicate and stay apprised of new technology and new threats while monitoring device behavior for deviations.
Follow top security protocols
Across every endpoint and access point — wifi, network, and cloud — prioritize up-to-date security; this is where patching is critical.
Create independent networks
Network segmentation can mitigate risk. It involves creating a dedicated network for IoT devices and a separate network connection for guests.
Implement strict password hygiene controls
Poor password practices weaken security. Provide proper password hygiene training for all team members, including what makes a strong password and why it is important to change passwords frequently.
Be consistent about updates
An alarming number of IoT devices are unpatched and run on old operating systems. Require routine updates to maintain a more robust security posture overall.
Focus security on your specific industry
Security solutions for IoT can be industry-specific. Strict cyber security policies and measures are essential in industries such as medicine or finance, which demand a certain level of compliance.
Partner with a leader in cybersecurity
Not all businesses can handle the overwhelming task of cybersecurity in-house. Working with an outside firm, such as AccountabilIT, can boost your security across the board because it’s our job to detect and thwart threats and stay ahead of evolving threats.
Is it time for more mature security practices at your business? Find out how we can help you assess your environment, including your IoT, for risks, identify action plans, and reduce your exposure to security compromises.