The term Internet of Things (IoT) encompasses every device that is connected to the Internet and is collecting and sharing data. These devices include computers, phones, watches, refrigerators, coffee pots, smart plugs, pet cams, and the list goes on and on. Most of us are guilty of indulging in the efficiency and convenience of IoT in some fashion, but it’s not likely that many are dwelling on the potential security risks to your business’s network.
Why is IoT such a security risk?
Cybercriminals look for weak points in security when trying to access a business network. Figuratively speaking, you may bolt and chain your business’s front door with anti-virus software, but if a window is left open, breaking in is simple. Any improperly configured device that connects to your network is a potential entry point, even the seemingly harmless devices.
A Juniper report estimates 50 billion IoT devices by 2022, which makes perfect sense as so many SMBs are migrating in this direction to cut costs and boost efficiency and logistics. However, the rate that these devices are becoming a business standard is causing security challenges, straining small businesses on tight budgets. Businesses that continue to operate without IoT security measures in place are putting their data at risk.
While the level of security will vary with the number and type of devices, there are universal precautions listed below that businesses should implement to lower these risks:
Use Strong Passwords
Enforce strong passwords across all devices. We recommend that every login/device has a different unique password with at LEAST 14 characters, 1 uppercase, and 1 special character. Make it fun! Replace letters with numbers and special characters, be creative. For example, if your current password is your dog’s name ‘Elvis’, you could try a passphrase like ‘3lv1$1$th3B3$+’which translates to ‘Elvis is the best’.
Add Multi-Factor Authentication
Multi-Factor Authentication is the single most effective tool to protect an organization against remote attacks and when implemented correctly, can prevent most threat actors from easily gaining an initial foothold into your organization, even if credentials become compromised.
Don’t Forget Your Anti-Virus
Adding a new device to your network is equivalent to adding another endpoint, or open window. Therefore, each device must be correctly set up and secured to avoid it becoming a point of entry for an attack. Next, confirm that your anti-virus software and firewall are in place and up-to-date.
Run Your Updates
Patches are typically produced to fix a known security vulnerability, so if you click ‘remind me later’, you’re putting yourself at unnecessary risk. Updates can be annoying and seem to happen at the worst possible time, but running them is critical, and they can be put on a schedule.
Limit Access Permissions for All
Unless accessing data is essential for an employee to perform their work duties, all permissions to data should be denied. If an end-user doesn’t have access to business data, then neither will a cybercriminal should they gain access to that end-users’ device or account.
Security Training for All Employees
Most data breaches are due to human error, not a targeted attack, so fostering a multi-layered approach that includes training on cybersecurity, technology best practices, and company policy must apply to all staff to keep these security processes at the forefront of their minds.
You Must Have a Good Back-Up
It is imperative that your business is keeping secure backups. Backups must be checked and restored routinely to confirm that you do indeed have a good backup. This will greatly reduce the threat of losing data to a ransomware attack.
Stay Updated on SMB Security
The best way to improve your SMB security is to build a culture of commitment to reducing human errors and building a better understanding of security. It is vital that SMBs stay current on security trends and best practices to help improve security policies and be alert to the latest threats.