4 Ways to Protect Your Business from IoT Vulnerabilities
Welcome to 2019; where the Internet of Things (IoT) is, well, a common thing now. The phrase, coined all the way back in 1999 by Kevin Ashton refers to the subcategory of devices that have computing mechanisms embedded in them to send and receive data via the Internet. Smart locks, smart mirrors, Alexa, home monitoring systems and on and on. The list of qualifying and life improving must have’s is ever growing. The impact of utilizing these devices has far reaching implications as well.
The Start of the IoT Home Invasion
In 2000 LG started the home appliance invasion of smart devices when it announced plans to design and launch the first Internet refrigerator. It received a chilly reception from customers, but back in 2000 dial up Internet – read slow Internet – was the standard. The fridge also came with a steep price tag, and consumers just weren’t as technology dependent and savvy as they are today.
In 2019 there will be 26.66 billion devices on the IoT. Compare that to a worldwide human population of just 7.7 billion and you start to get the idea why everyone needs to know what the IoT is and how it could affect them. According to Statista.com the number of these connected devices are growing at a rate of 6.96 billion worldwide per year, rapidly outpacing the growth of the humans in charge of them.
Why Businesses Should Be Concerned
In February 2019 McAfee found a way to hack into a personal home network via a Mr. Coffee’s coffeemaker. When you stop to think about all the data stored and transmitted to and from a home network and typically your employee’s mobile phones transition between their home and work networks, you can easily see why concern is warranted. Hackers work full time to find ways into potentially lucrative personal and business data to formulate schemes to infiltrate users. And considering that Cybercrime is a $1.5 trillion-dollar industry, what they’re doing works.
The simple fact that the IoT contains 346% more devices than there are humans to control them should tell you two things – the devices are cheap and accessible to just about anyone. This ease of accessibility translates into lack of sophistication from a security standpoint. Smart devices and the cloud that hosts their platforms just aren’t large or sophisticated enough to have inherently robust security parameters protecting the data. Thus, the responsibility of security is transferred to the end user via username and password establishment, biometrics (such as Apple’s Face ID), multi-factor authentication (such as Duo), etc. Fortunately for hackers, and unfortunately for end users and the businesses that employ them, the people using these devices tend to adhere to repeatability, using the same username and/or password for multiple accounts. There are just too many applications that we all use daily to remember unique usernames and passwords for all of them. Humans are also wired to think that “it won’t happen to me” and those cumbersome password hygiene rules are for everyone else.
What You Should Do
- Embrace the security measures your devices require of you and comply, comply, comply! Realize that good password hygiene, multi-factor authentication and face or thumb print recognition were all developed for a reason. Personal data is worth something to criminals and should be hard for anyone but the person who owns it to access it. For business owners who utilize a Managed IT Services provider, be sure the provider offers a robust password management system for your organization.
- Consider creating a separate network solely for IoT devices at home. With the line between work and home being forever blurred or nonexistent it is essential that data be appropriately siloed. Utilizing a home network for business without a VPN or appropriate security measures could expose confidential business data.
- If you own a small or medium sized business and outsource your IT, be sure to invest early in reliable equipment and vigorous security measures. Maintain a close relationship with your MSP and establish data breach/incident response plan. Many Managed Services providers will also provide Cybersecurity Awareness Training at no additional cost to their clients. If so, be sure to utilize this valuable resource to train all staff and executives on the reasons behind security measures. It may be worth evaluating company policy surrounding accountability of employees who expose businesses to breaches through noncompliance.
- Include security measures around the IoT in conversations with employees, children who use connected devices and less tech savvy parents or spouses. Increased awareness and education lead to a decrease in susceptibility.
Astute Technology Management
Serving Columbus Ohio and Cincinnati Ohio since 1998, Astute Technology Management is a premier outsourced IT and cybersecurity provider. Our job is to reign in vulnerabilities associated with your small to medium sized business’ immediate and remote networks. Our highly skilled and professionally trained and certified help desk in addition to our dark web monitoring services will ensure your data stays in your hands.