The 3 Best Ways to Secure Your Corporate IoT Devices
Attempting to predict the future in the realm of digital technology is often an act of folly or of speculation on par with science fiction. However, one prediction that seems a safe bet is that developers, manufacturers, and researchers will work to connect more and more devices to the internet as part of the growing web of the Internet of Things (IoT).
IoT has experienced a boom in only the past five years, with devices as diverse as cameras, televisions, vehicles, and even kitchen appliances all being connected via routers and Wi-Fi. And that boom is only gaining speed: a conservative estimate by technology researcher Gartner says that number of IoT devices will grow to over 26 billion in 2020—only 2 years from now. Enterprises around the globe are embracing the new technology as a boon to productivity and coordination.
But as we all know, any growth in digital technology attracts predators. Gartner anticipates that a third of all cyberattacks will target IoT devices by 2020. “Always on, always listening” devices like Amazon Echo can be compromised and turned into surveillance devices. Botnets, like the infamous Mirai wave, can inflict permanent damage on devices through denial-of-service attacks. And the connections between the IoT devices can be an idea infection vector for malware, as viruses leap from system to system just out of reach of many security solutions.
Endpoint solutions can help catch issues and malicious activity on IoT devices, but cybersecurity is a two-way street. There are proactive ways to secure your enterprise against rogue IoT behaviors. Here are 3 best:
1. Take Control of Your Network
IoT devices are a continual vulnerability as long as they are on the same network as your devices. So the best strategy is to be hands on concerning your network. Be judicious about what devices do and don’t have permission to connect to your network. Obviously you can connect your break room fridge to your network, but the possibility does not create an obligation. You shouldn’t connect devices unless they are necessary.
Additionally, you can place your IoT devices on a separate network, so that guests accessing them via suspicious devices or other networked devices—or if possible simply unplug a device not in use.
2. Don’t Neglect Your IoT Passwords and Encryption
Most IoT devices come with a default password from the manufacturer. Unfortunately many enterprises forget to change this password, or use the same password for each IoT device. Obviously, this is a major security flaw, one that many hackers are only too happy to take advantage of. Don’t make it easy for them; give each networked device a strong, individual password.
At the same, check you IoT devices’ data encryption to ensure the data stored on networked devices is secure. If you feel it isn’t quite up to par, consider installing an encryption tool or placing your files in a protected ZIP file.
3. Make Sure Your Firmware Is Up-To-Date
This is a best practice for all of your devices, IoT or not, but it remains especially true for the latter. Most IoT items will not check their manufacturer’s sites for firmware updates automatically, which leaves them more vulnerable to hackers. The responsibility to manually update your devices will fall to you or your IT department. Checking yourself will also let you know if the manufacturer considers your item obsolete—a clear sign that you need a new model.
Treat each IoT device as you would would a user: employ a zero-trust model for each of them, watch their behavior for malicious activity, and monitor their permissions. Also, don’t have confidential conversations with an always listening device in the room. You never know who might be listening.