If you want to remain competitive in the future, you have no choice but to succumb to the rise of the internet of things (IoT). However, even with all of the benefits, it's becoming increasingly difficult to deny the security risks IoT presents.
IoT security risks: alarming and pervasive
If you spend any time studying cybersecurity and recent attacks on businesses – small and large – you'll come away from the experience fearful. The landscape is brutal right now, and the intensity and frequency of attacks are expected to pick up in the coming months.
According to the 451 Global Digital Infrastructure Alliance Report published at the end of 2016, endpoint security is the number one IoT security concern for businesses. Roughly 63 percent of respondents reported physical unsecured endpoints as their chief concern while poor authentication of these endpoints followed closely at 55 percent.
When you look at the IoT from a broader perspective, 50 percent of respondents said security was their biggest inhibitor to adopting formal IoT policies. This makes sense, as each additional device a business connects to its network ultimately establishes a new entry point to the network.
According to a study conducted by Fortify, 70 percent of popular consumer IoT devices can easily be compromised by professional hackers. In other words, more devices equal more problems.
Then there’s the dilemma of the astronomical proliferation of data. With more devices collecting and storing data, there's more for hackers to steal. There's also more at risk for businesses and individual consumers. As a result, there's a greater need for sophisticated security measures to keep confidential data out of the hands of malicious hackers.
5 tips for making your IoT policy more secure
From a business perspective, you need to come up with a sophisticated IoT security policy that eliminates points of vulnerability, secures data and keeps your organization out of harm's way. Below are a handful of suggestions.
1. Only connect devices when necessary
Just because you can connect devices, doesn't mean you should. Each device you add to your network adds functionality to your business, but it also increases risk. If you don't have a functional need for connecting a particular device, there's no sense in adding the risk.
In fact, you should probably think long and hard about how many devices you allow employees to connect to your network. It might sound like a good idea to let each employee use a smartphone, tablet, laptop, and desktop computer, but slow down and consider the situation. There's already a bunch of inherent risks involved – don't push yourself even further behind the eight ball.
2. Create separate networks
One practical way to protect your business is to create separate networks for different purposes. The classic example of this involves guests in your office. While you might need to offer internet connectivity to visitors and/or customers, do you really want them on the same network that you store confidential files and important data? Creating a secondary network removes some of the risk you face in these situations.
3. Use cloud-based SD-WAN
If you want to secure your mobile users, one of the best things you can do is invest in a cloud-based SD-WAN solution. Some options include built-in next-generation firewall (NGFW) and firewall as a service (FWaaS). Both of these features work together to protect mobile users and locations from external threats – something the IoT makes individual users extra vulnerable to.
Even if IoT devices are unable to be patched, the advanced threat protection features found in a cloud-based SD-WAN solution give your IT professionals the ability to implement virtual patching. This added layer of security can prove to be quite helpful in situations where individual devices are targeted.
4. Practice good password hygiene
Many IoT attacks actually start with a single compromised password that gives a hacker access to other information that can be used to cause further damage. To protect your business from these attacks, better password hygiene is a must.
In addition to creating stronger, more sophisticated passwords, encourage your employees and users to implement unique passwords for each account.
5. Provide proper training for employees
While you might understand what it takes to protect your business from IoT-related threats, it's entirely possible that your employees are unaware of the external risks facing the company. Training employees on proper BYOD and IoT security will help them understand their role and what can/should be done in certain scenarios.
In addition to conducting employee training, regularly check in and see how things are going. The guidelines will probably need to be updated as factors change, so don't be afraid of refreshing your network's users on proper protocol.
Be prepared to evolve over time
While we've been talking about it for years now, it's important to remember that we're only in the beginning stages of the IoT. When we look back in 10 or 12 years, 2018 will be considered IoT's infancy. Having said that, things are still developing at a rapid pace, and you must be prepared to evolve with the changes over time.
You can't set an IoT security policy and neglect it. If you're serious about protecting your business and keeping data safe, you have to regularly evaluate what's happening within your company, in your industry, and on the larger cybersecurity stage.
If you make a commitment to keeping your policy current, you'll do well. There's no guarantee you won't be attacked, but at least you'll have a proper strategy for handling whatever is thrown your way.