Internet of Things (IoT) devices are all around us. Your fitness tracking device, smart speaker, and your Internet-connected car are some examples of the Internet of Things.
Traditionally, Internet-connected devices at businesses were limited to phones, computers, servers, and similar devices. Today, all kinds of everyday items can be connected to sensors and the Internet including monitoring devices on assembly lines, sensors on equipment that provide maintenance alerts, devices to track inventory and more.
Cost savings, improved customer service, and safety are some reasons why the Internet of Things (IoT) has taken off. However, this new technology also brings significant new security tasks. To keep your organization’s innovative edge, use these tips to manage IoT security risks.
Risk Awareness: What are the security risks with IoT?
There are a few IoT specific security risks to keep in mind as you adopt this new type of technology.
Lack of integration with existing security tools.
Your vulnerability scanning tools and other IT security software may not be equipped to monitor IoT devices. In that case, you may have security problems and have no way to detect them until it is too late.
Physical security risk.
Unlike traditional IT assets, IoT assets can be located anywhere, including publically accessible locations. For example, IoT smart cameras have been compromised by hackers in the past.
Lack of IT security training for IoT.
In many companies, staff are the weak link in IT security. Without up to date IT or CyberSecurity awareness training, your staff may not realize the security threat posed by IoT devices. For example, they may purchase a smart speaker for their office and fail to change the default passwords.
Security Assessment: Who is most vulnerable to IoT security Threats?
Now, you need to ask yourself: are IoT security threats significant for my situation? While IoT technology is growing rapidly, it is not a universal technology. To measure your security risk, use these simple self-assessment questions.
Cybersecurity risk tolerance.
Review your organization’s tolerance for an IT security event. For example, banks and governments have a very low tolerance for security while a startup company has less to lose. If you have a low cybersecurity risk tolerance that means you will be more concerned with IoT security threats.
Some industries are relatively more exposed to the Internet of Things devices. For example, the energy industry may use IoT devices to monitor oil production and processing equipment. Also, hotels such as Hilton (https://skift.com/2017/11/14/hilton-and-marriott-turn-to-the-internet-of-things-to-transform-the-hotel-room-experience/) are starting to use IoT devices to improve the guest experience. In these examples, you will see more IoT devices in your industry and you may even rely on these devices. Hackers are aware of his too which can make you more vulnerable to an IoT security event.
Workplace policies on employee technology.
The “Bring Your Own Device” (BYOD) trend started a few years ago with smartphones. It is a way to empower employees to use their preferred devices at work. Depending on how your policy is worded, employees may bring IoT devices like smart speakers to the office. If you do not have governance and security tools in place, this type of employee behavior will bring IoT security vulnerabilities into your company.
What precautions can you take to maintain IoT Security?
There are many ways for IoT security vulnerabilities to enter your organization. Fortunately, there are ways to address these threats.
Update your security monitoring software systems.
Without awareness, you cannot detect IoT device activity. Therefore, we recommend updating your security software to identify IoT device connections. Talk to your security vendors about your options.
Require the use of strong passwords.
Having strong passwords is always important, but especially so for IoT devices. Strong passwords on the rest of your network will also add a second line of defense if an attacker does gain access through a device.
Make sure patches are up to date on IoT devices.
Most manufacturers of IoT devices will release security updates for their IoT devices when vulnerabilities are discovered.
Provide guidance to employees on IoT security.
Your employee’s smart speaker may introduce security risks they don’t understand. That’s why we recommend starting an employee communication program to raise awareness about the risks.
Restrict IoT device usage to certain areas.
The final precaution we recommend is to restrict when and how IoT devices can be used. For example, restrict their use in sensitive areas like executive offices and server rooms. These restrictions make it more difficult for hackers to gain unauthorized access to their systems.
While it’s great for businesses to take advantage of the benefits of new technology, it’s important to take the time to understand and prepare for the risks that come with it. If you would like assistance reviewing the security risks that IoT devices bring to your business, please contact our network team at 260.423.2414.