IoT security threats and how to beat them
This entry was posted on July 7, 2017.
The increasing adoption of connected devices within businesses of all sizes, known as the Internet of Things (IoT) is a hot topic at the moment, and has many tech commentators feeling rather excited. It’s no wonder really, IoT is seen by many as the starting point of the most anticipated movement of our generation - Industry 4.0 - which is set to completely revolutionise the way we work and live.
While IoT is a major step forward, it is also one of the biggest causes of concern for IT managers. The very notion of IoT will bring about a massive increase in the number of devices connected to the internet at any given time, which brings with it a completely new set of security challenges. We explore these in more detail below.
There are many reasons why increased connectivity can create new security challenges for businesses - and one of the key threats is out of the hands of IT managers entirely. The production of new connected devices, including the hugely popular wearable tech, as well as webcams and kettles, is often inexpensive, which means IT security is very often overlooked by the manufacturers themselves. Such devices often run on basic software that cannot be updated or patched, and sometimes, the code is written in a way that can not be understood easily.
For this reason, it is these devices that are more likely to be targeted by attackers, as they offer easy, unprotected entry points to the network. Often, there is a misconception that the responsibility of such devices falls to those who manage each network, rather than the manufacturer. Unfortunately, because the manufacturer has no legal accountability for security, there is no incentive for them to invest more time to security during the development process.
Integrating personal devices into a business network is another key concern for IT professionals. Giving the Wi-Fi password to just one member of staff is risky and will likely lead to a number of new devices popping up on the network as it slowly works its way through the workplace. While this isn’t a major cause for concern, the result of this is that enhancements are typically only made after a high profile breach has gained media attention. In the current business landscape, where budgets are repeatedly snipped, security is very often more reactionary than strategic.
Preparing for the rise of IoT
While IoT adoption has been slower than originally anticipated, there is no denying its effects are beginning to take hold. Although there is no way to completely eliminate the risk of a breach, there is a number of steps that can be taken to help to improve your defence strategy.
1) Hire an IT security specialist
While it may not be possible for all organisations, businesses with those sought after budgets should look to hire someone who specialises in security within their IT department. This approach tends to be more effective for enterprise-level organisations, where the monitoring and implementation of the network’s security is a full-time job. Security is an issue that is only going to get bigger, so this member of the team would never be wasted.
2) Device inventory and remote access
To effectively manage which devices are communicating and accessing a network, IT staff need to know what those devices are. A full inventory of devices should be taken, and workplace policies should be updated to ask that employees register their items with the IT department before they are permitted to access the network.
As with BYOD, the sysadmin should have the ability to block devices and wipe any work-related content remotely if a device becomes compromised.
3) Set up an isolated Wi-Fi network or VLAN
To mitigate threats for the business side of the network, such as company software and email hosting, you should set up an isolated Wi-Fi network or virtual network for employees and guests to connect their personal devices. This allows the IT manager to apply separate restrictions and increase firewall security.
4) Ensure ports are not left open
Users often struggle to connect to company Wi-Fi, and often look around for another solution. Although the origins of this issue can date back further than IoT’s inception, the increase in devices with connectivity could bring it to the forefront once again. Security can be added to switches so that if the hardware address plugged into the port changes then it sends an alarm to disable the port.
5) Encourage regular password changes
Sysadmins should always encourage users to change their passwords on a regular basis if they are connecting to the company Wi-Fi using a personal or communal device.
6) Disable unnecessary features
Some smart devices come complete with a host of additional features that are unnecessary and rarely used. Sysadmins should take some time to figure out which of these will be underutilised and then switch them off, as these are very often the kind of features that hackers will use to breach privacy.
7) Carry out regular audits
While security audits can be laborious and time consuming, they help to give an organisation’s IT department a clear impression of network vulnerabilities. We offer advice on how to carry out a security audit in this guide.
King of Servers is happy to discuss help if you’re looking for tips on how to carry out a security audit effectively, no matter what size your business is. Get in touch with us today!