4 Tips to Secure Your IoT Deployment
After years of delays and false starts, 2017 is supposed to be the year where the Internet of Things (IoT) truly starts to become a ubiquitous part of our lives. But while progress has been made, deploying IoT devices has been slowed by various concerns, of which the biggest are the very real security concerns around any IoT network.
Any IoT breach can carry serious consequences. A survey released today found that “Almost half of all companies in the US using an IoT network have been the victims of recent security breaches,” which can cost smaller companies around 13 percent of their annual revenue. Each of the tens of billions devices which make up IoT networks are a security threat, and the network is only as strong as its least protected device.
None of this takes away from the IoT’s benefits. But if companies want to use the IoT without being worried about threats like ransomware or privacy breaches, there are some critical steps in order to ensure your network and organization’s security.
1. Prioritize your devices
A February estimate of IoT forecasts that there will be 8.4 billion connected things worldwide in 2017 and that this number will increase to 20 billion by 2020. But just because a device can be connected to the Internet does not mean it should. And each one of those devices represents a security threat, as shown by cyberattacks where hackers took down major websites like the New York Times by hacking baby monitors and webcams.
I did not make that last sentence up. Each one of these devices represents a risk. And newer, more innovative devices using the IoT are more problematic because toaster and refrigerator manufacturers do not possess the same technological knowledge needed to protect their devices which larger tech companies have.
If you are creating a network with an IoT signal booster, whether for your home or your business, each and every device added is a potential security risk. Consequently, take the time to ask yourself if you really need that new device which boasts Internet connectivity to be connected to the Internet. If you cannot think of a good reason, then do not connect it. As so many more companies create new devices as part of the IoT, users have to realize that some devices are not worth the risk.
2. Hold cyber security drills
You have probably heard stories about how some businesses pay hackers to try and break into their business so they know what their weaknesses are. Such an approach may be a bit extreme, but a business should consider holding cyber security drills in order to identify weak IoT devices and how secure your system is.
Drills are not just about knowing your cyber security weaknesses. They are about ensuring that everyone knows what to do in the event of a breach. Businesses should have a plan for a data breach or hacking just as a business in Japan should have a plan for what to do in the case of an earthquake. If a hacker breaks into your business through your IoT devices and uncovers data, testing beforehand should make it clear what sort of response your business should give and what sort of data is the most likely to be at risk.
3. Communication within the business
As noted above, a major threat with IoT security is that there are a lot of IoT-related devices out there where security is a secondary concern for the device makers and tacked on at the end. This cannot happen if you are deploying an IoT network yourself. Leadership must be in constant communication with their IT departments so that everyone is on the same page.
This may seem obvious, but IT departments everywhere have always complained about how leadership does not understand the security risks they are going under, and IoT will just make this worse. I have personally heard in certain companies the idiotic paradigm of leaders who say the IT department is pointless when things are going fine, and then complain how they are not doing their job when things are going badly.
The IoT necessitates further cooperation between IT and the highest levels of leadership to know what security measures should be implemented for your business. Get on it.
4. Change passwords
A basic example of the lack of communication between leadership and IT concerns passwords. Most IT professionals know that it is important to have strong passwords which are changed regularly, but leadership can chafe at trying to remember those more complicated passwords. But a strong password really matters for IoT devices. Many of them come with a default password, but businesses never bother to change them as they are unaware of the security risks.
Passwords and encryptions remain some of the most basic yet critical aspects to protecting your devices. Talk with IT about ensuring that all of your devices carry strong protection and make sure it is regularly changed.