The internet-of-things (IoT) keeps growing larger, and soon, our workplaces will be brimming with embedded internet-connected devices meant to keep us in close contact and improve our collective productivity. Optimistic estimates of 50 billion connected devices by 2020 may have been a bit far-fetched, but we’re not far behind—estimates for the number of currently connected devices range from 6.4 billion to 17.6 billion. However, there are some important security concerns with IoT that we’ll need to address before we accept the system as the new “normal” for American workplaces. Knowing what challenges lie ahead and proactively preparing for them is the best course of action for anyone in an IT position—and for most American workers in general.
IoT isn’t inherently more dangerous than any other kind of technology. It doesn’t suffer from inherently inferior security standards or firewalls, but there are a few vulnerabilities that, by the nature of IoT, make devices in its network a potential target. For example, IoT devices tend to collect lots of data, which could make any shared networks a prime target for cybercriminals looking to exploit that information.
Because these networks comprise many individual devices, it’s easier than usual to find a rogue vulnerability and infiltrate the network from there. Also, because users may find it easy to pick up, exchange, or jump between devices, the opportunity for a connection or management mistake may be greater.
Possible Solutions
So what solutions can we use to proactively prevent these vulnerabilities from being exploited?
1. Centralize and tightly control users. First, you need to know who on your staff is accessing what, when, and where. Instituting a centralized management server that allows you to manage users, licenses, passwords, and access can help you do this. Only allow users to access the devices they need to perform their own duties, and keep close tabs on who’s using what. This will help you prevent a number of simple mistakes, and can also help you identify root causes in any potential breaches that unfold in your future.
2. Only purchase tested devices. There are hundreds of companies all racing to produce the best devices and software for the IoT era. On one hand, this is exciting because all that competition is spurring tremendous innovation. On the other, this is concerning because it means companies may be spending their efforts on getting devices to market, rather than making the best products they can. Do extensive research on all the IoT products you procure, and avoid buying anything in its first iteration. Pay attention to the brands with a history of secure and reliable performances, and don’t take unnecessary risks.
3. Forbid or control personal and professional cross-pollination. Many companies now have a BYOD (bring your own device) policy, due to the ubiquity of personal laptops, tablets, and smartphones. In the age of IoT, however, this could be an increased liability. Using company devices on unsecured public networks could leave you vulnerable to attack, and any compromised device (including personal devices) that returns to your office’s network could cause a company-wide breach. You’ll need to consider forbidding this type of cross-pollination, or otherwise stating very clearly what security precautions are to be followed.
4. Instill better personal security habits. The vast majority of hacks and breaches are attributable to human error. You might have chosen a weak password; you may have failed to change your passwords regularly; or you may have fallen for a phishing scheme (or similar attempt to steal your credentials or introduce malware to your device). Since the possibility for human error is going to multiply with each new connected device you add, you’ll need to prevent this possibility by instilling better ongoing security habits in your team (and better knowledge of how breaches happen).
5. Keep your software up-to-date. It’s a simple step, but an important one. Most software developers and device manufacturers are going to regularly release new updates as they discover the inevitable vulnerabilities of their work and repair them. Simply keeping your devices up-to-date can protect you from hundreds of potential threats.
Will these strategies be enough to completely secure your company’s IoT devices? Certainly not. There’s no such thing as a system, or even a device, that’s totally hack-proof; all you can do is make yourself a more difficult target, and prevent the majority of attacks—not the totality of them.