The Internet of things can be described simply as devices that have connectivity to the Internet, and thus to a computing network. Many times these connected devices aren’t manufactured with security solutions onboard (or any security-minded foresight at all) so they can be fickle instruments when trying to onerously secure a network that includes numerous IoT devices. Today, we'll go over some of the threats IoT devices pose to your network, and how to reliably secure it from these threats.
Many devices on the Internet of Things have security problems. You’d think that they wouldn’t be much of a problem since they often have limited functionality. For example, a connected thermostat has a limited number of options (on/off, temperature adjustment). In fact, whether it is a CCTV camera, a smart refrigerator, a connected toy--anything that comes with Internet connectivity--is a potential threat to your home or business’ network. There are a myriad of reasons for this. They include:
- Insecure web interface - Every connected device has an integrated web interface that allows users to interact with the device. If not properly secured, these portals can allow unauthorized users to gain access to the device.
- Insufficient authentication procedures - Connected devices may have ineffective control mechanisms built in that could, if leveraged by hackers, provide unauthorized parties more access than they should be allowed if it were properly secured.
- Insufficient encryption - If the data that the IoT device gives off isn’t properly encrypted, it can be intercepted and compromised.
- Insecure network services - Vulnerabilities of where the network connects to the device can offer unwanted entities a pathway to infiltrate the network or the device.
- Lack of cloud or mobile security - Some devices come with cloud-based functionality, while others run off a mobile device. If these constructs aren’t properly secured, an IoT connection could present a pretty potent vulnerability.
- Insecure software or firmware - Often IoT devices lack the ability to be updated. Unfortunately threats don’t stop being developed and it can be a matter of time before a once secure device has a glaring vulnerability.
- Lacking Physical Security - If a hacker can alter the physical makeup of an IoT device he/she can gain access to the device’s settings, creating an avenue for major security problems.
For every threat there is a remedy, but really the best thing you can do is to be conscientious about the device you are connecting to your network. Every connected device could be the device to cause major problems for you. The industry is split about how exactly to secure crucial computing networks from the threats the IoT presents.
The generally accepted strategy to manage the IoT is one where the more things can be controlled from a central hub, the more secure the system will be. While it does make management easier, this strategy doesn’t completely provide the kind of comprehensive risk-based solutions needed to mitigate any IoT-fueled corruption. By not first doing a full risk assessment, especially these days, there is a decent chance of catastrophe. After all, security is about dealing with real threats.
The main problems are that most IoT-connected devices don’t come with comprehensive security and they can be altered by a network-attached user pretty easily. Take the driverless car. There is going to have to be a major enhancement in the way that these systems are protected if we hope to utilize automated systems to drive actual people around. Since the driverless car is effectively on a public network--and is not behind a firewall--it will need to have its own encrypted system in order to keep it from getting hijacked.
This brings us to one of the best ways to secure an IoT device on any network: ensure it is placed behind some sort of firewall. For the average business that is starting to deal with employee-owned IoT devices on their network, it is important that you have the person with the device, whether it is directly connected to the network or not, pass it by your IT staff. This way there is a legitimate chance, if something does happen, to assess where the problem started and how to go about mitigating the negative aspects of any attack.
In the future, there will almost have to be systems in place for all connected technologies where they keep updated with the latest security patches (or at least the latest firmware) so that there is very little chance that some of these extremely vile threats aren’t unleashed on your network.
Another way to manage the IoT devices on your network is to assign them to their own separate network. This strategy will absolutely work insofar as there is no way for your enterprise-level IT infrastructure to get hijacked or infiltrated with malware because of IoT-related devices. The problem with this strategy becomes cost. Not only do you have to set up an additional networking infrastructure, you also have to constantly monitor and manage it.
Finally, you can prohibit IoT devices on your network. As more and more consumer goods come with sensors and Internet connectivity it will likely become more difficult, but if you are threatened by the horror stories surrounding IoT-based hacks and infiltrations, doing away with the risk may be the best way to solve the problem until there is a workable solution that you think is right for your network.
Rest assured, the Internet of Things is not going to get any smaller any time soon. In fact, it’s going to be a major consideration for people, businesses, and governments for a long time to come. If you are worried about how Internet of Things technology is going to affect your organization, or you personally, reach out to the technology professionals at White Mountain IT Services. Our knowledgeable technicians will help you come up with a strategy to keep IoT devices from hurting your business. Call us today at 603-889-0800 for more information.
- IoT Security is a Key Business Concern The Internet of Things is everywhere, which means that potential security risks are also everywhere. Your business needs to take the risks presented by the IoT into account and prepare accordingly. What are You Willing to Risk?When devising a policy for your company concerning the IoT, you need t...
- Is It Safe to Have Your Browser Remember Your Passwords? Let’s be honest - not all of us have the best memories. This makes the ability for many browsers to remember our passwords seem like a godsend. However, is this capability actually a good thing for your cybersecurity? The answer may not surprise you. Nope! While yes, the fact that we no longer ha...
- Tip of the Week: Easy to Remember Tricks for Windows 10 Working with your computer for so much of the day means you need to get as much productivity out of it as possible. If you can speed up some of the ways you access specific information, you can get even more done. Shortcuts are very helpful to this end. Here are some of the easiest and best ways you...
- Tip of the Week: Awareness Is Important When Surfing the Web We all love the Internet. We all use it almost every day. For this week’s tip, we’ll review a few ways to help keep yourself from getting in trouble while browsing. Sacrificing Security for ConvenienceFor starters, most of the threats to be found online are of the sort that can be avoided somewha...
- Tip of the Week: Who Should Have Admin Accounts? Depending on their work roles within your organization, your employees will either have an ordinary user account or an administrator account. This can be one of the more stressful parts of managing a network, as the answer for who gets administrator access isn’t always clear. We’ll explain what an a...
- 3 Ways Email Encryption Keeps Your Messages Safe Encryption is a very important tool in today’s business environment, especially if you are trying to protect your email communications. Today, we’ll discuss the benefits of using encryption for your business’ communications solutions, but without an understanding of what encryption actually is, the ...