Monday, 13 February 2017

IoT Security Tips for SMEs

IoT Security Tips for SMEs

There’s much hype about the Internet of Things (IoT) and the endless possibilities of a hyperconnected future. However, 2016 saw a number of DDoS attacks in which attackers exploited inherent security vulnerabilities in IoT devices to take down big name websites such as Twitter, Netflix and Spotify.

The range of ordinary devices which are now being internet-enabled is growing. Whether these devices are contained within homes or businesses is largely irrelevant to the security risk they pose to businesses, since the growing trend of flexible working is now exposing business data and networks to potential threats in employees’ homes as well as public places.

In this post, we explain the growing importance of IoT security and offer some top tips for keeping your business safe.

 

Understanding the growing need for IoT Security

Gartner has predicted that over twenty billion devices worldwide will be connected to networks by 2020. IoT promises a not-so-distant future in which our lives will be enriched even further by the convenience and efficiency that technology brings.

Think fridges that remind us to order groceries, coffee machines that have a nice warm drink waiting for us when we arrive home from work and smart traffic lights that don’t leave us waiting when there are no vehicles coming the other way. The possibilities are endless.

The trouble with so many devices being connected to the internet, however, is that it creates more opportunities for hackers to exploit vulnerabilities.

Unfortunately, security is often low down on the list of priorities for manufacturers of these devices, with security patches few and far between. Users, too, are often at fault. Many don’t realise that these devices potentially pose a security risk and, with more and more web-enabled devices available, it’s easy to forget that things are even connected to a network.

Not to mention the widespread failure to change default factory passwords!!

Last year, we saw numerous DDoS attacks on big-name websites such as Netflix, Twitter, Reddit and Spotify, which prevented millions of users from connecting. The culprit for this was thousands of IoT devices such as web cams, routers, cameras and coffee machines, which were compromised by the bad guys to unleash a flood of traffic that took down the sites.

Each IoT device, which contains wireless sensors that allow it to connect to the internet, provides a potential entry point for attackers. If attackers can use these to bring down big websites, as seen in the recent DDoS attacks, you can be sure that they also present a security risk to every business network exposed to them.

As such, it’s important that businesses view every web-enabled device as a potential stepping-stone onto the company’s network.

 

Top tips for IoT security

1. Use strong passwords

When setting up new devices, always change the default passwords as these tend to be generic and, therefore, easy for hackers to guess, or use simple software to crack. Never use easy-to-guess passwords such as memorable words (like ‘password’) or names. Make sure any passwords are kept secure and not written down and left in full view for anyone to see. Find out how to create a strong password here...

2. Software updates

Always make sure that the software or firmware for all your devices is kept up-to-date.

Remember, it’s not just PCs and laptops that need updating, but all devices including routers, servers, network switches and anything else that is connected to your network. Make sure that manufacturer security updates are either installed automatically, or as soon as possible once they become available.

3. Protect your business from home networks

If your employees connect work devices to their home networks, then your business data could be at greater risk. Home networks are often poorly protected and this provides an easy way onto a business network for hackers. Make sure that your employees are adequately trained in cyber security best practice and that you take precautions to limit exposure to unsafe networks and protect company devices and data. You can find out more about this here.

4. Wi-Fi security

Some wireless security methods are much less secure than others. WPS (Wi-Fi Protected Setup) is known to be insecure, so be sure to disable this. WPA2 (Wi-Fi Protected Access 2) is the recommended standard when setting up wireless devices.

5. Data backup

Regular and routine data backups are an essential precaution. A thorough data backup and restore strategy is a worthwhile investment that will ensure business continuity and damage limitation in the event of a disaster.

6. Invest in DDoS protection

If your website is critical to your business, consider extra steps to protect it against Distributed Denial of Service (DDoS )attacks. Whether your website is targeted specifically or is taken down as a result of an attack on your ISP, your business could lose a lot of money from downtime. Some web hosting companies specialise in DDoS mitigation, but this won’t come cheap so it’s worth doing a risk-benefit analysis. At the very least, it’s worth doing some research to find out which ISPs have the best protections in place.

7. Limit IoT devices

Check which devices are connected to your company network and consider whether they are necessary. Only purchase IoT devices for which there’s a genuine need, or those that will bring a significant benefit to your workplace. Disconnect devices that you no longer use or need.

8. Employ IT expertise

Cyber attackers profit from ignorance. If you don’t already have dedicated IT staff with security expertise, then this is something to consider. If you can’t afford or don’t want to maintain an in-house IT team, consider outsourcing to a specialist IT support company. Perhaps consider having an audit of your current security infrastructure with expert advice and tailored solutions for your business. Would you meet baseline standards for security?

9. Invest in staff training

Many security breaches result from human error somewhere down the line. It’s vital to offer cyber security training to your employees so that they know the risks and best practices to protect your company. The cybersecurity landscape is ever-changing, so make sure that training is kept up-to-date if you want to protect your business against the latest threats.

 

Whilst it’s important to be cautious when it comes to IT security, there’s no reason to let fear paralyse your business.

IoT offers many benefits for businesses and, with the right protections in place, the risk can be significantly reduced. It’s not all about smart coffee machines and fridges; many companies are benefiting from gains in efficiency, productivity and profits by boosting connectivity in their workplace.

The hyperconnected future has a lot to offer and, for those that want to remain competitive, the transition cannot be held off forever. But, in today’s world, it’s vital that business owners keep up with cybersecurity developments and take steps to protect their networks.

Click below and share this article with your employees, colleagues or friends to improve their understanding of how they can help in the fight to stay secure.

 

Image source: Freerange Stock