As more and more Internet-connected devices make their way into our homes and businesses, the potential for this technology is exciting and constantly changing. With this new technology come numerous advantages, but a breach within an IoT device could have significant consequences for an organization from impacting the safety of patients, shutting down productivity for a business or crippling an entire city’s transportation system. It’s one of the fastest growing market trends and according to a survey by Ponemon Institute, in 2018, 21% of companies reported a data breach or cyberattack due to unsecured IoT devices. If your organization is one that’s adding to the more than 5.8 billion endpoints we’re set to reach this year, there are some things to consider as you move forward with an IoT implementation plan.
Create a separate network
The FBI recommends you should have two separate networks: one for smart devices and one as your primary network. This is a good practice not only for individuals but also for businesses. By separating your IoT from the rest of your infrastructure, you can more readily identify a breach in your devices before the compromised device becomes a direct route to your primary network data. Because moving between two networks requires considerable effort, it can slow down an attack long enough for security protocols to deploy.
Keep track of your devices
Your IT department needs to be tracking everything that is connected to your network and monitoring traffic as well as being on the lookout for suspicious activity. This includes your IoT devices too, and the more devices, the more vulnerable your network can be. You should routinely assess these devices to maintain correct access levels (including limitations on the ability IoT devices have to initiate network connections), confirm that they are fully patched and up-to-date on software versions.
And if your devices are no longer able to support the latest software applications and are running into the end of their lifecycle—it’s time to talk with your IoT vendor about new devices and updating your assets and product inventory.
Practice for a data breach
Chances are you already have a plan in the event of a natural disaster or cyberattack. But don’t forget to include IoT: create a detailed plan, simulate an attack and regularly update your strategy. With the unique challenges faced with detecting and responding to IoT data breaches, it’s a good idea to understand where your emergency preparedness is lacking and resolve it prior to a worst-case scenario. Practicing gives your cyber security team the experience to know how to respond quickly and effectively to save you time, money and limit damages. Learn more about disaster recovery planning here.
*Bonus Tip*
How many of you and your coworkers have smartwatches, fitness trackers or other wearables? Probably a fair majority and as much as we love them, these devices are a big target for hackers. Think about the risk to your network by personal IoT devices. If your company Wi-Fi gives employee devices access to sensitive network data, consider banning personal connecting or creating a separate Wi-Fi for employees to connect to safely.
As you look into integrating IoT devices into your business, know that the advantages of this technology far surpass the risk if done right. If you’re concerned with the security of your current IoT, make sure you are working with experts who can build a secure system with the best vendors and products for your specific business. Ready to get learn more?