How To Safely Secure IoT Devices
By Rick Delgado, contributing writer
The Internet of Things (IoT) is a powerful business tool, opening new doors to connectivity, data, and efficiency. However, as IoT grows and becomes more common, the risks also increase.
The beauty of the IoT is a huge array of devices can be connected around the world. Gartner estimates the number of connected devices will increase 31 percent in 2017 over 2016, reaching 20.4 billion devices by 2020. However, adding more devices can take away some core security features and put those devices and their networks at risk. It is possible to take advantage of the IoT’s many features without sacrificing your business’s security by considering the following.
Know What Devices Are Connected
One of the first steps to staying safe is to know what devices are connected to the IoT. After all, you can’t control a problem if you don’t know it exists. Every device connected to the IoT shares information, but the type of information transmitted can be different. Not every device has the same security measures, and some devices are manufactured to be more secure than others.
Before adding any device to the network, the company and its IT department should be aware of the risks and security measures needed to make sure the devices don’t jeopardize security. All companies should have a database or list of current devices, their locations, the type of data they generate, what they control, and the networks they use to communicate. This can include everything from sensors for manufacturing equipment to wearable devices and tablets used by employees to self-driving cars and machinery. Keeping an updated inventory of connected devices is invaluable in creating a strong business security system, as well as for making certain everything is secure and all devices are updated with the newest security measures and protections.
Create A Comprehensive Security Plan
With a basic understanding of what devices are connected to the IoT, the company can create a personalized security plan. Because nearly everyone at a business likely works with IoT devices to some extent, employees at all levels of an organization should be aware of the risks and what to do it their device is hacked or attacked.
“As with all cybersecurity initiatives, IoT protections should be developed by cross-functional teams that include IT and security professionals, business unit managers and C-suite executives,” says analyst Dwight Davis. “Beyond device and network protections, IoT security plans must include incident response blueprints and other relevant information, such as legal and regulatory requirements that may apply.”
The security plan should start with things as basic as setting effective passwords, which is one of the best ways to prevent cyberattacks. Employees should know what to do if they sense an attack, and regular tests and trial runs should be scheduled so all employees can practice how to quickly detect and shut down a possible attack. The security plan should consider the worst-case scenario and make sure everything is covered.
Maintain Physical Security
Some of the biggest threats with the new IoT are physical threats. Because IoT devices can be used to control many physical things remotely, they are at risk for being hacked and the physical spaces broken into or stolen.
A growing number of businesses use IoT sensors to lock doors and windows to secure sensitive materials. Instead of having to physically lock or unlock a door, sensors can simply unlock the correct doors for employees who are wearing a badge that grants them access, for example. However, just because a company has IoT sensors doesn’t mean they can skimp on physical security. Devices can easily be hacked that would allow for a window or door to be erroneously unlocked. By keeping physical security as tight as it was before adding an IoT component, companies can have another set of eyes and ears to make sure their physical space and data is safe.
No business will ever be completely immune to a cyberattack, but preparing and being informed can be hugely helpful in preventing and mitigating possible attacks.