6 Tips for Reducing Internet of Things Security Risks

As the IoT expands, small businesses need to take the following commonsense steps to reduce the risks the ever-expanding IoT presents.

The Internet of Things (IoT) is expanding at a rapid pace as product developers rush to install chips and sensors that connect to the Internet in a broad array of devices – from IP cameras to TVs, to printers and garage doors.

IoT has only been around since 2009, but according to industry analyst Gartner, nearly five billion IoT-connected devices were installed last year, and by 2020 there will be more than 50 billion connected devices.

For small businesses, rapid IoT adoption can pose security risks that are similar to the vulnerabilities the “bring your own device” (BYOD) trend introduced with the widespread use of employee-owned mobile devices for work purposes.

But the threat may be even greater with the IoT since there are more endpoints. An Atomik Research survey recently found that home offices already have an average of 11 connected devices, including items like printers, scanners, video equipment and WiFi routers.

The problem is that many connected devices aren’t built with security foremost in mind, and as a complicating factor, they are typically connected to a central home office or small business WiFi router.

The average WiFi router isn’t designed with security as a top priority either. In fact, a 2016 Wall Street Journal-sponsored study found that of the 20 popular wireless routers evaluated, only six had current firmware, and just two used robust password protections. Worse yet, these routers aren’t set up like corporate firewalls and unified threat management (UTM) solutions to protect all the endpoints on the LAN.

Device developers aren’t the only group excited by the possibilities of IoT; hackers are eager to exploit vulnerabilities as more IoT devices come online. They are looking for ways to gain entry into home or business networks, where they can acquire access to sensitive data. Only 20% of IT professionals surveyed by Atomik were confident in the security of new-to-market IoT devices.

Many small businesses (let alone home offices) don’t have IT professionals on staff, so they are even more at risk than larger enterprises as the IoT expands. But there are commonsense steps small business owners can take to reduce their risks, including the following:

  • Put devices behind a proper firewall: Make sure that your LAN, and all your IoT endpoints, are protected by something stronger than an off-the-shelf WiFi router. Consider a next-generation firewall (NGFW) or UTM solution that can provide enterprise-grade protection at the gateway to the Internet.
  • Identify what devices are connected: The first step in securing a small business network is identifying which devices are “calling home.” A next-generation firewall or unified threat management system with the ability to tie traffic to MAC address can provide information on what requests devices are making.
  • Set up a separate local network for IoT devices: A segmented network provides an extra layer of protection in case a device is breached, so it’s a good idea to establish an IoT-only local network. Better yet, prevent IoT devices from accessing the network at all unless absolutely necessary.
  • Use complex, unique passwords for each device: Many small business owners fail to reset device passwords from the default setting. To keep hackers out, it’s a good idea to choose a unique, complex password for each IoT device and change the password frequently.
  • Keep software up-to-date: When changing passwords, it’s also advisable to check the software for each device and make sure the most current version is in use. Device developers may push out patches and other security enhancements with new software releases.
  • Disable unneeded features: One way IoT device makers try to stand out from the crowd is to pack products like TVs with features such as cameras and voice-recognition software. Hackers can exploit these features to breach privacy, so it’s a good idea to disable capabilities that aren’t used.

The IoT trend is accelerating, as are attempts by hackers to exploit IoT endpoints to gain access to sensitive information. Small business leaders who want to safeguard their data and privacy should therefore take steps to secure their networks.

It starts by recognizing that many IoT devices aren’t designed with security in mind, so it’s up to the user to make sure the device doesn’t become vulnerable to hackers.

Technology can help small business owners reduce vulnerabilities, with firewalls to add a layer of protection, applications that notify business owners when a new user attempts to log in or gains access to a network, and WiFi routers that enable users to accept or deny network login requests.

With more knowledge and better security practices, small business owners can reduce IoT’s big risks.

Timur Kovalev is CTO of San Jose., Calif.-based Untangle, a provider of cybersecurity software and appliances.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Security Is Our Business, Too

For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Commercial Integrator + Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add to your bottom line.

A FREE subscription to the top resource for security and integration industry will prove to be invaluable.

Subscribe Today!

Get Our Newsletters