IoT Device Risks and How to Protect Your Business
By 2020, there will be an estimated 30.1 billion Internet of Things (IoT) devices in-use worldwide.
IoT devices range from smart thermostats and lights, to locks and digital video recorders (DVRs). They may not look like computers, but once connected to your network, they transmit and receive data like one, presenting several business cyber security risks.
In this post, we highlight the risks you need to be aware of and how you can protect your network from a breach.
1. Network Complexity
With manufacturers prioritizing speed to market and low prices, many IoT devices don’t come with proper cyber security features or the ability to be patched to address vulnerabilities. In addition, the sheer number of IoT devices in use can present a problem for managing and monitoring network connections in a business environment. Connecting an unsecure device to your network leaves it vulnerable to a breach.
Let’s say an employee wears a wireless fitness tracker to work and connects it to a work computer, which is attached to your network. Because the device does not have any firewalls, anti-virus or malware software, your business network could be exposed to a hack.
2. Distributed Denial of Service
As the amount of IoT devices increases, new types of cyber attacks are emerging. For example, hackers are using IoT devices to conduct Distributed Denial of Service (DDoS) attacks that crash servers by overwhelming them with a huge number of requests.
This was the case in October of 2016 when hackers employed a botnet of unsecure devices to crash thousands of websites, including Twitter, Paypal and Comcast. DDoS attacks like this can temporarily disable your website and cause you to lose business. They are on the rise and relatively cheap for hackers to launch.
3. Data Volume
More IoT devices means more data. A report from the Federal Trade Commission (FTC) shows that 10,000 households can create 150 million data points per day. If 10,000 households can create that much data, think how much data could be generated by a business daily. As employees use more IoT devices to generate and host this data, there are more targets for hackers to exploit and gain access to sensitive business information.
Protect Your Business
We understand IoT devices can help your business work more efficiently, but you need to protect your business from risks. Here are some ways to get started:
- Connect with an expert security provider who has experience securing businesses from cyber attacks.
- Consult with your IT department to manage IoT devices and access to them.
- Disable unnecessary features on IoT devices that are programmed by default.
- Implement a managed firewall, and utilize an intrusion detection system.
- Implement best practices for password management.
- Isolate IoT devices to a secondary network if possible. Separate networks or virtual local area networks (VLANS) can keep IoT devices isolated from your primary data network.
- Perform regular maintenance on IoT devices, including patching and upgrading.
- Enforce your bring your own device (BYOD) policy, if your business has one. All devices should be secured and maintained.
- Search for vendors that provide IoT products with security in mind. Before making any purchases, ensure products can encrypt network communications, enable password/passcode protection, and regularly release updates.
- Set a clear cyber security policy, and continuously revise it. Technology is constantly evolving, and your security policy is no different. Update your policy every time you implement a new IoT device into your strategy.
How does your business utilize cyber security to protect against IoT attacks? Share in the comments below.