As more and more businesses take the plunge and begin their rollout of IoT (Internet of Things) initiatives, IoT devices will become increasingly attractive targets for hackers. For organisations wishing to make the most of this fourth industrial revolution, security must be a priority.
Keeping your networks separate
When it comes to internal company networks, IT teams must ensure that these are separated by firewalls so that it’s easier to mitigate the impact of a cyber-attack if one does occur. Similarly, make sure to restrict access to emails and telephone systems through firewalls so that only portions of your business’ network communicate with the outside world.
In the world of IoT, this means making sure user-owned IoT devices remain outside of the firewall and ensuring that only certain employees have (very limited) access when it comes to monitoring, updating and managing them. It’s also important to segregate your IoT devices on their own subnets and secure those with access control lists. As the saying goes: if your name isn’t on the list, you aren’t coming in.
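The subnet-plus-access-control-list arrangement described above, as an added example that is not part of the original article. The addresses, ports and the function names evaluate and broad_rules are constructed assumptions: the sketch models a first-match list with an implicit default deny and flags rules that give more than "very limited" access to the IoT subnet.

```python
import ipaddress

# Constructed addressing plan (assumption, not taken from the article).
IOT_SUBNET = ipaddress.ip_network("10.20.30.0/24")
MGMT_HOST = ipaddress.ip_network("10.10.0.5/32")      # the one admin workstation
UPDATE_SERVER = ipaddress.ip_network("10.10.0.20/32")

# Ordered ACL: (action, source, destination, protocol, dest port; None = any port).
ACL = [
    ("permit", MGMT_HOST, IOT_SUBNET, "tcp", 22),       # management over SSH
    ("permit", MGMT_HOST, IOT_SUBNET, "tcp", 443),      # device web console
    ("permit", IOT_SUBNET, UPDATE_SERVER, "tcp", 443),  # devices fetch patches
]

def evaluate(src, dst, proto, port, acl=ACL):
    """Return the action of the first matching rule; deny when nothing matches."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rule_src, rule_dst, rule_proto, rule_port in acl:
        if (src_ip in rule_src and dst_ip in rule_dst
                and proto == rule_proto and rule_port in (None, port)):
            return action
    return "deny"  # not on the list, not coming in

def broad_rules(acl, max_sources=4):
    """Flag permit rules into the IoT subnet that admit too many sources or any port."""
    findings = []
    for index, (action, src, dst, _proto, port) in enumerate(acl):
        if action != "permit" or not dst.overlaps(IOT_SUBNET):
            continue
        if src.num_addresses > max_sources:
            findings.append((index, "source wider than %d hosts" % max_sources))
        if port is None:
            findings.append((index, "all ports open"))
    return findings

if __name__ == "__main__":
    # Constructed sample flows: (source, destination, protocol, destination port).
    flows = [
        ("10.10.0.5", "10.20.30.7", "tcp", 22),    # admin workstation to a device
        ("10.10.0.9", "10.20.30.7", "tcp", 22),    # any other office PC to a device
        ("10.20.30.7", "10.10.0.20", "tcp", 443),  # device to the update server
        ("10.20.30.7", "10.10.0.5", "tcp", 445),   # device reaching into the office LAN
    ]
    for flow in flows:
        print(flow, "->", evaluate(*flow))
    print("over-broad rules:", broad_rules(ACL))
```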
Similarly, it’s important that services which aren’t required on the connected devices at all times are turned off when not in use. This ultimately minimises the attack surface and the vulnerabilities exposed. Businesses should also put a solid wireless network architecture in place first and foremost when rolling out any IoT initiative, to limit the risk of cyberattacks and breaches. This means that if a device is connecting over Wi-Fi, you should make sure to disable everything else (including Bluetooth).
As with any digital transformation project, customers and employees will need to be educated on security best practices from the very beginning. Being able to spot a phishing email, or knowing the importance of regularly changing your passwords, may seem simple to an IT department, but for an HR team, for instance, teaching them what to look out for could be the difference between staying secure and not.
Similarly, when it comes to securing an individual IoT device, the best-practice policies are just the same as those implemented on any other network device. As standard, the default admin username and password on the device should be changed, with a new, secure password set, before the device is deployed. Even if you can’t change the admin ID, you should still make sure to change the password and, if there are any other accounts on the device, make sure that no one password is being used on more than one device.
In that same vein, it’s important that the administrator passwords you choose are different for each device. Furthermore, it’s important that updates and patches are installed across the entire network, and not just on one application or connected device.
The opportunities IoT presents for businesses are huge and, with the right security systems in place to protect your assets and devices, the sky really is the limit.