More than ever, IoT has found its way into every nook and cranny of our lives. “IoT” stands for “Internet of Things.” An IoT device is any device connected to the internet for management or measurement. Items that we never thought to connect to the internet can now be controlled from anywhere. Tweak your home’s thermostat from the office. Set up your vacuum cleaner to clean your living room while you’re poolside. Receive automatic software updates to your sewing machine. See an ongoing graph from your bathroom scale (at your own risk). Changing or checking up on any number of devices around your home or business is now possible. While this is exciting, IoT can also expose the chinks in your system’s cybersecurity armor. In this piece, we’re going to explore the unique challenges with IoT security.
Why is security necessary for IoT?
IoT has put an immense amount of control in the hands of dedicated users. Want to check your home fridge from the office? Want to refill your cat’s food bowl while away on business? IoT technology gives you the power to do so. Though IoT technology has taken off, IoT security vigilance has to stay two steps ahead. We know — it may not seem like a huge deal for someone to hack your automatic vacuum cleaner. Still, what if someone hacked the internet-connected lock on your office building or home?
What is the biggest hurdle to IoT security? People.
Let us look at one example of how IoT devices can become security threats. Most of us wouldn’t think twice about connecting a new car stereo adapter to a mobile device via Bluetooth. Whenever a new device is connected to anything else, there is a level of permission granted to access information. Many of have been conditioned to scroll through the disclaimers and terms of service agreements. However, there is a lot to be learned from reading the disclaimer before connecting the Bluetooth adapter. For instance, we may learn that by agreeing to the terms of service, the manufacturer of the device has little if no responsibility for its own weaknesses. Yep — you may be assuming the risk. Remember that this particular device allows Bluetooth pairing and thereby control of the device without security authentication. Only when it’s too late could we then learn that someone else has paired with the Bluetooth signal that is connected to our mobile device. This mobile device is connected to our home or office secured wifi network whenever we’re within range. Yikes!
Yes, IoT devices provide exciting ways to control our world, but each one is also a potential access point to sensitive information. Until we recognize them as such windows and acknowledge the manufacturer’s disclaimers, the average IoT device user is the biggest security hurdle to IoT security.
What are some of the best IoT security measures users can take?
Beyond just not using IoT devices, there are some ways to protect your internet-connected devices from cybersecurity threats. Because we’d still like you to be able to feed your cat from three states away!
1. Secure your wifi and Bluetooth connections. This tip may go without saying, but it pays to keep complex passwords on your wifi and Bluetooth enabled devices.
2. Be familiar with which devices are connected. You can keep your networks safe by keeping tabs on what devices are connected to your wifi network or other devices via Bluetooth. Know the names of all of your connected devices as they would show up on wifi and Bluetooth. Periodically check to see which are connected. If something is connected that you don’t recognize, give them the boot. It could be a cybersecurity threat or simply your neighbor Larry piggybacking your wifi. Either way, it’s worth knowing.
3. Lock down your phone. If your phone can be turned on without a passcode, fingerprint, or face recognition authentication, this is the equivalent of leaving the front door of your home or office unlocked. In addition to a screen lock, enhance your internal security settings. Turn off any automatic pairing features with new Bluetooth and wifi signals or USB connections.
4. Educate younger users to remain vigilant. Children rarely understand the gravity of someone unknown accessing sensitive information. Establish rules for accepting new connections that require you to approve any new devices that will connect to your network or other devices.
5. Do not use unsecured internet connections. Free and open wifi sounds nice, but you may not realize how much of a window you may be opening to your device’s information. If the main internet connections you need to use are not password protected, consider also following this next tip…
6. Use a VPN. A virtual private network, or VPN, is an additional layer of encryption between you and a would-be hacker. Remember to use a reputable VPN service because your information is passing through their servers.
7. Get help in establishing an IoT security protocol for your organization. Having various IoT devices connected to your company network can open more windows for cybersecurity threats. Working with a professional Managed Network Services (MNS) expert, you can establish an IoT security protocol that fits your office’s needs.