Discovering the ‘Internet of Things’
You arrive at home and the door unlocks because it knows who you are, sensing the key in your pocket. The lights switch themselves on and your favorite music begins to stream gently through the living area. It’s already the perfect temperature, and as you head for the fridge, you notice an alert on the screen congratulating you on meeting your exercise goal today and suggesting a tasty snack.
Okay, it sounds like a scene from a movie, but it’s actually reality today thanks to the Internet of Things (IoT). Almost anything that can be turned on or off is now able to be connected to the internet. An entire industry has popped up to help users create a custom experience designed around their unique needs. Electronic locks, lights, healthcare wearables and household appliances are just the beginning. IoT goes beyond devices you can use to surf the web – it’s a global revolution.
Adapters can transform even the most random appliance into a connected gadget, as well as add new layers of functionality. Cloud software is creating piggy-back connections, resulting in not just a new experience, but a new way of interacting with the data produced. It may all seem impossibly futuristic, but IoT is less about technology and more about enhancing relationships between people-people, people-things and things-things.
Millions of people are wearing a Fitbit or Jawbone to track steps and calories, while others are letting their fridge order groceries! The practical applications are almost endless, commonly including: GPS trackers on pets, home security via webcam, patient monitoring of blood pressure/heart rate, weather monitoring, and remote power points. No more worrying all day if you left the iron on, just push a button on your phone and know for sure it’s turned off.
Build trust in IoT connected devices
The benefits of IoT are undeniable; and yet, high-profile attacks, combined with uncertainty about security best practices and their associated costs are keeping many businesses from adopting the technology.
Of course, with all this connectivity comes risks. While the idea of having your toaster hacked is a bit mind-boggling, technology connected to the internet is open to exploitation. The webcam that allows you to monitor your pets may also allow other people to glimpse inside your home, but only if it’s not secured properly. Unfortunately, it only takes one small gap for a cyber-attack to get through, and once in, all connected devices are at risk.
Having your lights taken over by a far-away prankster may seem like a small risk, but gaps allow them into your computers, phones and tablets too. That’s the part the movies skip over – the networking protections that exist in the background, shielding against attacks.
Digital security must be designed into IoT devices from the ground up and at all points in the ecosystem to prevent vulnerabilities in one part from jeopardizing the security of the whole.
Securing the Internet of Things (IoT) does not require a radically new, complex set of ideas and principles. What it needs is an evolution of best practices that have been built up over many years in all areas of IT security.
IoT Security Steps
IoT devices are very different from each other, and securing them also depends on the type and model of the device. Inside an office building, a smart bulb will be from a different manufacturer than the smart printer; and the overall controlling system that runs through the whole office will have its own unique operating system. To effectively secure all these disparate IoT devices, an overarching multilayered security plan and constant maintenance is necessary.
Initial security steps when setting up IoT devices
Change default passwords and adjust security settings to fit your specific needs.
Turn off or disable any features that you don’t need.
For devices capable of using third-party applications, only use legitimate applications from valid vendors.
Update the device firmware and applications so that the device will be protected against known security vulnerabilities.
If you configure applications on devices, review the permissions they require and limit the access given to these apps.
Five Steps for Securing Networks and Routers
In an IoT-enabled environment, network devices and routers are also a cause for concern. One compromised IoT device can potentially be used to spread malware to other devices connected to the same network. For example, a smart printer can be used to infect office computers and other smart devices on the same network. Similarly, if a router is compromised, it can spread malware to all the devices connected to it.
Helpful measures to secure networks and routers:
Map and monitor all connected devices - Settings, credentials, firmware versions, and recent patches should be noted. This step can help assess which security measures the users should take and pinpoint which devices may have to be replaced or updated.
Apply network segmentation - Use network segmentation to prevent the spread of attacks, and isolate possibly problematic devices that cannot be immediately taken offline.
Make sure network architecture is secure - Users should set up routers with VLAN or a DMZ—segmentation and isolation mechanics that add an extra layer of security to networks.
Follow router-specific best practices - Enabling the router firewall, disabling WPS and enabling the WPA2 security protocol, and using a strong password for Wi-Fi access are just some of these practices.
Disable unneeded services like Universal Plug and Play (UPnP) - Poorly configured routers which had UPnP enabled were recently attacked, highlighting the need to disable or turn off unneeded features and services to prevent security mishaps.
This is just the start of securing IoT devices. We’re big fans of IoT and can’t wait to see what comes next!
Got an IoT device? Give us a call at 305 400 0992 to help you set it up securely.