As if network security wasn’t already a difficult task for businesses, the exponential usage growth of the Internet of Things (IoT) is making it even harder to keep networks secure. Companies are finding they need to consider both the devices in the business, like smart TVs in conference rooms, and employee personal devices, like fitness trackers.
IoT devices are being used not only to access networks and steal data, like the famous fish tank thermometer in the casino that compromised a database of high-rollers, but also to launch DDoS attacks, like the Mirai botnet attack that infected over 600,000 IoT devices to take down a large portion of the internet. As a matter of fact, DDoS attacks were up 91% by the third quarter of 2017, many using IoT botnets, and it is estimated that by 2020, 25% of all cyber attacks will target IoT devices.
In an article for ZDNet, Michael DeCesare, president and CEO at ForeScout, was quoted as saying, “Each new device that comes online represents another attack vector for enterprises and it only takes one device to compromise an entire network and disrupt business operations, which can impact the bottom line. Securing IoT is not just a cybersecurity issue, it is a business issue and operating at any risk level is too much. Enterprises need full visibility.”
But, even with all the risk in utilizing IoT devices, Forbes says that “29% of organizations globally and across all industries adopted IoT” in 2017. The IoT is not going away, so businesses need to start getting a plan in place to handle this new technology and keep it all running safe and sound. Policies will need to be put in place, such as the military’s restrictions on geolocation devices and applications.
5 Points to Consider when Dealing with IoT in the Workplace
The number of IoT devices is quite impressive. In 2017 more than 8.4 billion devices were in use, and a total of 25-30 billion devices is predicted to be in use by 2020. With these predictions, the odds are almost all businesses will need to deal with security for IoT. Here are 5 points to consider when dealing with IoT in the workplace:
- Provide a Separate Network
In your business, you probably already run a separate network if you allow visitors to use your network to gain internet access. Just like your visitors’ network, you should run your IoT devices on a separate, firewalled, and monitored network. A good rule of thumb on that network is to not allow, or to at least limit, automatic connections. This network is not only for business-owned devices: employees’ personal devices, such as Fitbits and smart watches, should also be kept on it, especially since they are in no way under IT policies for security settings or passwords as set by the company.
- Set Up Filters & Alerts
Set up filters on your dedicated IoT network that will alert the security team if there is a spike in traffic on a certain device or if devices that don’t normally communicate start communicating.
- Choose your Devices Carefully
Many devices out there have no security installed and some even have hardcoded passwords; either way, it is highly recommended to avoid these. Another thing to test is whether physical access allows for intrusion, for example by using the factory reset and then being able to get in with a default password. And, speaking of passwords, those need to be changed immediately on a new IoT device, and then changed regularly according to the company’s defined password change policy. If multi-factor authentication is supported by the device, use it! Devices that support encryption of data transmissions are highly recommended; if a device doesn’t, use a VPN to limit data exposure.
- Limit Device Functionality
Only enable the functionality that you will be using on the device. For instance, if a smart TV is being used in a conference room as only a local display, disable the internet access on it. Regularly check to make sure IoT devices are up to date with their firmware and software updates, and if a device is no longer being used, remove it from the network.
- Check the Software and Ports
Most IoT devices come with controlling applications or backend services, which need to be reviewed for their security and privacy policies. Just like the device itself, the controlling applications need to be kept up to date to avoid any breaches. Another thing to check is which ports the software uses, so that they can be configured and restricted as tightly as possible.
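To make the filters-and-alerts point above concrete, here is an added example (not part of the original article) that compares one window of flow records from the IoT network against a baseline and flags traffic spikes, device pairs that have never communicated before, and devices with no baseline at all. The device names, addresses, flow-record layout and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records for a dedicated IoT VLAN:
# (interval, source device, destination, bytes). All names/addresses are made up.
BASELINE = [
    (0, "tv-conf-a", "10.20.0.1", 1200), (1, "tv-conf-a", "10.20.0.1", 1100),
    (2, "tv-conf-a", "10.20.0.1", 1300), (0, "thermostat", "10.20.0.5", 300),
    (1, "thermostat", "10.20.0.5", 320), (2, "thermostat", "10.20.0.5", 310),
]
CURRENT = [
    (3, "tv-conf-a", "10.20.0.1", 1250),       # normal
    (3, "thermostat", "10.20.0.5", 305),       # normal volume, usual peer
    (3, "thermostat", "tv-conf-a", 400),       # pair never seen before
    (3, "thermostat", "203.0.113.9", 90000),   # volume spike to a new peer
    (3, "badge-reader", "10.20.0.1", 50),      # device with no baseline
]

def profile(flows):
    """Per-device bytes per interval and the set of peers it talked to."""
    volume = defaultdict(lambda: defaultdict(int))
    peers = defaultdict(set)
    for interval, src, dst, nbytes in flows:
        volume[src][interval] += nbytes
        peers[src].add(dst)
    return volume, peers

def detect(baseline, current, sigmas=3.0, floor=1024):
    """Return sorted (device, reason, detail) alerts for the current window."""
    base_vol, base_peers = profile(baseline)
    cur_vol, cur_peers = profile(current)
    alerts = set()
    for dev, per_interval in cur_vol.items():
        if dev not in base_vol:
            alerts.add((dev, "unknown_device", ""))
            continue
        history = list(base_vol[dev].values())
        # floor keeps a near-constant baseline (stdev ~ 0) from alerting on noise
        limit = mean(history) + max(sigmas * pstdev(history), floor)
        for interval, total in per_interval.items():
            if total > limit:
                alerts.add((dev, "traffic_spike", f"{total}B > {limit:.0f}B"))
        for peer in cur_peers[dev] - base_peers[dev]:
            alerts.add((dev, "new_peer", peer))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in detect(BASELINE, CURRENT):
        print(alert)
```

In practice the baseline would come from days or weeks of flow logs exported by the firewall or switch on the IoT segment, and the alerts would be forwarded to whatever the security team already monitors.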
The Online Trust Alliance has put out a checklist that companies can use as a starting guide for IoT security. The pdf can be viewed and downloaded here: THE ENTERPRISE IOT SECURITY CHECKLIST
PS LIGHTWAVE is the consultative data-connectivity provider for public and private entities in the Greater Houston area. Through our high-quality infrastructure, innovative technology and superior level of support, we deliver not only the best in connectivity and reliability but in scalability and redundancy. You’ll also appreciate that the PS in our name stands for “Pure Speed.” We fully understand that technology is a moving target, and we understand the people and infrastructure of the Greater Houston area. We are nimble, flexible and responsive, and we embrace leading-edge technologies that improve the customer experience. We invite you to learn more. Visit our website or contact us. Concerned about connectivity? Think PS LIGHTWAVE.