The Internet of things can be described simply as devices that have connectivity to the Internet, and thus to a computing network. Many times these connected devices aren’t manufactured with security solutions onboard (or any security-minded foresight at all) so they can be fickle instruments when trying to onerously secure a network that includes numerous IoT devices. Today, we'll go over some of the threats IoT devices pose to your network, and how to reliably secure it from these threats.
Many devices on the Internet of Things have security problems. You’d think that they wouldn’t be much of a problem since they often have limited functionality. For example, a connected thermostat has a limited number of options (on/off, temperature adjustment). In fact, whether it is a CCTV camera, a smart refrigerator, a connected toy--anything that comes with Internet connectivity--is a potential threat to your home or business’ network. There are a myriad of reasons for this. They include:
- Insecure web interface - Every connected device has an integrated web interface that allows users to interact with the device. If not properly secured, these portals can allow unauthorized users to gain access to the device.
- Insufficient authentication procedures - Connected devices may have ineffective control mechanisms built in that could, if leveraged by hackers, provide unauthorized parties more access than they should be allowed if it were properly secured.
- Insufficient encryption - If the data that the IoT device gives off isn’t properly encrypted, it can be intercepted and compromised.
- Insecure network services - Vulnerabilities of where the network connects to the device can offer unwanted entities a pathway to infiltrate the network or the device.
- Lack of cloud or mobile security - Some devices come with cloud-based functionality, while others run off a mobile device. If these constructs aren’t properly secured, an IoT connection could present a pretty potent vulnerability.
- Insecure software or firmware - Often IoT devices lack the ability to be updated. Unfortunately threats don’t stop being developed and it can be a matter of time before a once secure device has a glaring vulnerability.
- Lacking Physical Security - If a hacker can alter the physical makeup of an IoT device he/she can gain access to the device’s settings, creating an avenue for major security problems.
For every threat there is a remedy, but really the best thing you can do is to be conscientious about the device you are connecting to your network. Every connected device could be the device to cause major problems for you. The industry is split about how exactly to secure crucial computing networks from the threats the IoT presents.
The generally accepted strategy to manage the IoT is one where the more things can be controlled from a central hub, the more secure the system will be. While it does make management easier, this strategy doesn’t completely provide the kind of comprehensive risk-based solutions needed to mitigate any IoT-fueled corruption. By not first doing a full risk assessment, especially these days, there is a decent chance of catastrophe. After all, security is about dealing with real threats.
The main problems are that most IoT-connected devices don’t come with comprehensive security and they can be altered by a network-attached user pretty easily. Take the driverless car. There is going to have to be a major enhancement in the way that these systems are protected if we hope to utilize automated systems to drive actual people around. Since the driverless car is effectively on a public network--and is not behind a firewall--it will need to have its own encrypted system in order to keep it from getting hijacked.
This brings us to one of the best ways to secure an IoT device on any network: ensure it is placed behind some sort of firewall. For the average business that is starting to deal with employee-owned IoT devices on their network, it is important that you have the person with the device, whether it is directly connected to the network or not, pass it by your IT staff. This way there is a legitimate chance, if something does happen, to assess where the problem started and how to go about mitigating the negative aspects of any attack.
In the future, there will almost have to be systems in place for all connected technologies where they keep updated with the latest security patches (or at least the latest firmware) so that there is very little chance that some of these extremely vile threats aren’t unleashed on your network.
Another way to manage the IoT devices on your network is to assign them to their own separate network. This strategy will absolutely work insofar as there is no way for your enterprise-level IT infrastructure to get hijacked or infiltrated with malware because of IoT-related devices. The problem with this strategy becomes cost. Not only do you have to set up an additional networking infrastructure, you also have to constantly monitor and manage it.
Finally, you can prohibit IoT devices on your network. As more and more consumer goods come with sensors and Internet connectivity it will likely become more difficult, but if you are threatened by the horror stories surrounding IoT-based hacks and infiltrations, doing away with the risk may be the best way to solve the problem until there is a workable solution that you think is right for your network.
Rest assured, the Internet of Things is not going to get any smaller any time soon. In fact, it’s going to be a major consideration for people, businesses, and governments for a long time to come. If you are worried about how Internet of Things technology is going to affect your organization, or you personally, reach out to the technology professionals at White Mountain IT Services. Our knowledgeable technicians will help you come up with a strategy to keep IoT devices from hurting your business. Call us today at 603-889-0800 for more information.
- Help! My Staff Hates My Company’s IT! Fellow business owners, do you ever feel like you need to walk around on eggshells when it comes time to implement a new process or policy with your employees? Does it seem like your staff fights back tooth and nail when there is any technology change or IT restriction? You aren’t alone. More oft...
- A Brief Overview of Network Security The reliance the modern business has on its IT cannot be understated. As a result, to keep their computing network and infrastructure running efficiently, companies need to have a network and cybersecurity policy in place. With the development and use of organizational computer networks with multipl...
- Tip of the Week: Using Microsoft Word to Edit a PDF Document In case you’re looking for a nice alternative PDF file-editing software, the most recent version of Microsoft Word can do so. Since the investment for Adobe Acrobat isn’t for everyone, you can instead turn to the tried-and-true all-purpose word processing software to edit your PDF files. Open the P...
- Could Your Router be Infected with Malware? Certain threats out there are dangerous enough to cause major entities to warn against them. In particular, a recent malware by the name of VPNFilter has been deemed dangerous and prevalent enough that the FBI has addressed it. Since the malware targets routers (probably not your first guess in term...
- Can You Spot the Signs of a Malicious Link? The Internet is notorious for being a minefield of threats, many of which lurk hidden behind innocent-looking links. In order to go about business safely, you need to be able to identify which links you can click; and, which should be skipped. Unfortunately, spotting fraudulent links isn’t an exact...
- FREE Printout: Dos and Don’ts of IT Security The following guide is designed to be used by business owners and office managers as an educational resource to establish some basic IT security best practices in the workplace. Feel free to print it out and hand it out or post it in common areas. You work on important things. Let’s all work togeth...