We are living in the age of the Internet of Things. It seems like nearly everything is connected to the Internet in some way, from our coffee pots to our cars, and more devices are getting connected all the time. And while such connectivity has its benefits, it also comes with risks, especially when IoT devices are connected to corporate networks. In fact, in the wake of the large-scale DDoS attack on internet infrastructure company Dyn in late October 2016, which investigators believe stemmed from unsecured IoT-connected devices, business owners and IT security teams are moving IoT security up higher on the list of priorities, and looking at ways that they can mitigate the risks to their own data security.
Ever since the IoT began gaining steam a few years ago, security experts have been concerned about the ability of hackers to use connected devices to wreak havoc. From spreading malware to launching DDoS attacks like the one on Dyn, the potential is there for criminals to use connected devices to gain access to more sensitive networks. While it might seem hard to imagine, there is a distinct possibility that a hacker might use something like a photocopier or a fitness tracker to inject malware into a company network. Because of this very real possibility, there are some important steps you need to take now to manage the IoT risk on your company network.
Use Firewalls
It’s no mystery that corporate networks and endpoints need firewalls for protection against threats, but the need for a firewall extends to the devices as well. Unfortunately, until recently, many IoT devices did not come equipped with a firewall, as embedded engineers often underestimated the security risk of embedded devices — again, who is really going to attack a coffee maker? Even those devices that are equipped with security measures, such as authentication and encryption, are often not adequately protected. Not only do these measures fail to protect against brute force attacks, but weak passwords can be easily hacked or stolen, and encryption isn’t always foolproof. A built-in firewall adds another layer of security to the devices to keep them safe from hackers.
The need for stronger firewalls also extends to your network. Be sure that your team is has the most up-to-date training on pfSense (or your firewall protections) and have it configured to protect against malicious traffic, helping to stop harmful attacks.
Improve Network Visibility
Keeping your network safe requires knowing which devices are connected to the network, and ensuring that they are secure. A company policy that prohibits IoT devices that are not secured with up-to-date protections from accessing the network is ideal. You can also gain visibility into which devices are on the network by carefully controlling network passwords. Some companies have adopted local area networks or VPNs specifically for IoT devices, which are completely separate from the primary company network, and designated for IoT devices, protecting the main databases from unauthorized access.
Establish Clear Policies Regarding IoT Use
Employees need to be educated regarding the risks related to the IoT, and understand the company policy regarding the acceptable use of corporate networks for personal IoT devices. In other words, just because something can be connected to the internet doesn’t necessarily mean that it should be connected, and employees should know the guidelines and the consequences for not following them.
Follow Password Best Practices
Most IoT devices are ready to use out-of-box, and most people do not take the time to change default settings before connecting them — and that includes passwords. All of your office’s IoT devices should be configured for security and follow the protocols for securing other devices and databases. In other words, anything that is connected to your network should have its own strong password (not the default password) which adheres to your company policies as far as length/structure and frequency of updating.
Protecting your company network from IoT risks will undoubtedly become more complex as the number of connected devices increases and criminals begin to realize the true potential of attacking them. With that in mind, it’s important to remain aware of the risks and develop strategies for keeping your data safe now, to avoid being caught unaware and falling victim to an attack in the future.
About the author: Jackie is a content coordinator and contributor that creates quality articles for topics like technology, home life, and education. She studied business management and is continually building positive relationships with other publishers and the internet community.