The Internet of Things (IOT) is an umbrella term referring to any smart device that connects to the Internet. The IOT network has rapidly grown over the past few years, with light bulbs, refrigerators, copy machines, cameras, and cars all becoming Internet-connected devices. All of these connected devices are generating and storing data for their various functions, posing serious security and privacy concerns.
Many IOT vendors are new startups and may have little experience in information security. In order to get their devices on the market, IOT vendors may not pay close attention to the security of their products. In addition, many IOT devices are opened, taken out of the box, and left unsecure and vulnerable to attack.
IOT devices can also increase the attack surface on a company’s network. As more devices connect to the Internet, attackers gain another gateway to access a company’s internal networks and systems. It is important to keep these devices secure so attackers cannot use them to attack or gain access to your network and data.
- Do your research on the device. It is important to know the level of security available with the device and similar devices from other manufacturers.
- Keep patches and versions up-to-date. Does the device automatically update? If not, determine how often should you check for updates? Ideally, you want an IOT device that automatically updates when security fixes are released. Otherwise, monitor for any alerts released by the manufacturer.
- Change the default password when setting up the device. Most factory and default passwords are commonly known and attackers will be able to bypass it with ease. Setting up a strong password when first configuring your IOT device is one of the simplest and most effective security practices.
- Limit devices connected to the network. Connect devices only when necessary or buy non-connected versions. Turn connected devices off when not needed.
- Report suspicious activity on company IOT devices to IT. Prompt reporting is important to stop malicious activity before it spreads to other company devices and networks.
Source: ePlace Solutions.