Implementing a new business process or system? Chances are, it’s going to include IoT. Gartner found that more than half of these projects will include an IoT component by 2020.
F5 Labs reported that IoT attacks increased a stunning 280% in the first half of 2017!
Businesses cannot ignore the crucial need to secure internet-connected devices. In his recent Forbes post, our CEO, Francis Dinha, outlined the following five steps individuals and businesses need to take to secure IoT devices.
Secure your devices when possible
For businesses, this step needs to include specifying the processes and procedures to do this for any device that connects to the network.
1. How do you manage software updates? Are they done routinely and as soon as updates come out, so you have the most secure, patched versions?
2. Have you set up filters and firewalls? Configurations may include preventing employees from sending sensitive data outside of the network, preventing access to certain websites (like social media), blocking internal access to outside computers, etc.
3. What procedures do you have in place that define good internet habits? Kaspersky Lab specifically listed seven of them, back in 2014, and they’re still relevant today: keep updated; don’t connect unprotected, outdated computers to your network; treat your smartphone like a computer and protect it as well; never click on dangerous links; be smart about passwords by using a manager; report threats; and talk to your kids and parents (and we would add teaching all employees) about good internet habits.
4. Beware of phishing scams and spoof sites. Regularly conduct employee training about the latest scams, covering both how to avoid falling victim and how to report suspicious emails, sites, texts and phone calls.
5. Set up advanced password protection. Use two-factor authentication or biometric access when possible. Require employees to follow good password hygiene as well.
Choose reputable vendors when buying smart devices
As Dinha said in his post, “if you’re buying a digital media player or baby monitor, purchase the device from a vendor that has an established reputation.” Do the same with all business device purchases. Why? Because reputable vendors are committed to providing better security and pushing out updates to address threats when they are found. If it means paying a higher price, it’s absolutely worth it to protect your business’s most valuable asset: its data.
Upgrade the security to your network
Put the following on your calendar right away: “Test for network vulnerabilities.” If you don’t already have it set up, schedule it as a recurring event, because this is something that should occur regularly. Evaluate and test your network setup to validate your security settings.
Evaluate using the public or private cloud
Many IoT devices connect to the cloud for storing data. Do you know which ones do and where the data is stored? Review privacy settings. Set up a private cloud for your business if you need more specific security settings (such as regulatory requirements), so your devices store data on dedicated servers with access you control.
Set up a VPN on your router
Prevent attacks from penetrating your network by using a VPN on your router. It’s an added firewall for managing traffic in and out. Setting up a VPN client on a single PC is the most common way to use one. However, businesses can provide broad protection by installing one at the router level. Thus, all data is encrypted when it leaves the network. VPNs can be installed on compatible routers or pre-configured routers. After setup, all devices on the network are connected, with no additional software needed.
“We’re all connected,” Dinha said. “That’s not just some warm and fuzzy expression of sentiment. It’s the reality of the digital world we inhabit.” As you connect more and more devices to your business network, you’ll reap the benefits of adding technology, but you must do so with security in mind.
Remember Dinha’s important advice: “As we move into an increasingly connected world, we must all take the responsibility to protect ourselves and our networks from attacks.”