“The ease with which hackers can exploit security vulnerabilities in these cheap and plentiful [IoT] devices is disturbing,” writes PivotNine Chief Analyst Justin Warren. “It threatens the reliability of the Internet upon which millions of people have come to depend…the flood of new Internet-connected devices only increases each year, as the hype train gathers speed and those with dreams of striking it rich join in with this latest gold rush.”
These vendors are not interested in security. They are not interested in the expenses involved in protecting data – whether business or consumer. They are interested in ease-of-use, cost of distribution, and time-to-market.
And they are largely interested in consumers, who do not have the same security concerns as businesses. Yet a smart thermostat or connected coffee maker can see use in an office just as easily as a home. Once such a device is patched into a corporate network, it is essentially an invitation to hackers.
Until the regulatory climate surrounding IoT devices matures, this will not change. There is currently no liability for vendors and manufacturers. There is no reason for most of them to care about cybersecurity.
It is therefore up to us – all of us – to take IoT security into our own hands:
- Pursue a new mindset. The onus of corporate data security is still largely in the hands of employees – but they cannot be expected to secure the coming flood of endpoints. Your business must pursue new security practices and processes, such as automation and intelligent threat mitigation.
- Train your staff. Cybersecurity training is more critical than ever. Update your awareness programs to incorporate the importance of IoT security, and include advice on how workers can protect their own smart hardware at home.
- Understand your endpoints. Use an endpoint management solution that allows you to directly manage and monitor smart endpoints. You need more than EMM or MDM.
- Segment nonessential devices. Your office coffee machine and thermostat do not need to be on your core network. Configure a guest network for non-essential endpoints, and isolate it from your business’s main network.
- Automate your updates. In addition to working with vendors who pledge to take security seriously, ensure that IoT updates are applied automatically – there is no other way to keep all your endpoints up to date.
- Configure every IoT device. This includes changing the default username and password and testing each new device for vulnerabilities.
From a cybersecurity perspective, the Internet of Things is a mess. But it also represents one of the best evolutions for both our personal and professional lives. That’s why there is no slowing the growth of IoT – the best you can do is prepare yourself for the risks it brings with it.
And now you know how to do exactly that.