As more and more Internet-connected devices find their way into our homes and businesses, it’s important to remember that they represent a security risk. The Internet of Things (IoT) is growing rapidly, and in the rush for convenience, our privacy and safety is often an afterthought. Leaving them unsecured is the digital equivalent of leaving the back door unlocked.
There are 5.5 million new things getting connected every day in 2016, as we head toward more than 20 billion by 2020, according to Gartner. That’s an awful lot of devices. They might bring all sorts of handy new features, but, whether it’s the latest cutting-edge baby monitor or a wireless doorbell camera that links to your phone, it’s also a network-connected computer and should be treated as such. Here are eight tips to help you secure those IoT devices.
1. Don’t connect your devices unless you need to.
The first step is to consider what functionality you need from the device. Just because your TV or fridge can connect to the internet, doesn’t mean you definitely want to hook it up. Take a good look at the features it offers and learn exactly what internet connectivity brings before you connect.
2. Create a separate network.
Many Wi-Fi routers support guest networking so that visitors can connect to your network without gaining access to shared files or networked devices. This kind of separation also works well for IoT devices that have questionable security.
3. Pick good passwords and a different password for every device.
It’s very important to pick strong passwords, but you must also make sure that you pick a different password for every device. If a hacker manages to get one of your passwords, they will typically try it with other services and devices. Reusing passwords is not a good idea. Use a password manager to keep track of all your passwords.
4. Turn off Universal Plug and Play (UPnP). Sadly, UPnP can make routers, printers, cameras and other devices vulnerable to attack. It’s designed to make it easier to network devices without configuration by helping them automatically discover each other. The problem is that hackers can also potentially discover them from beyond your local network because of vulnerabilities in the UPnP protocol. Is best to turn UPnP off completely.
5. Make sure you have the latest firmware.
If you want to make sure you have the latest security patches and reduce the chances of a successful attack, then you need to keep your firmware fully updated. Vulnerabilities and exploits will be fixed as they emerge, so your IoT devices and your router need to be regularly updated. Automate this wherever possible or set a schedule to check for updates every three months or so.
6. Be wary of cloud services.
7. Keep personal devices out of the workplace.
Don’t take your personal IoT devices to work. There are lots of potential security concerns for wearables. Every enterprise should have a clear BYOD policy, and it’s often a good idea to prohibit personal IoT devices from connecting to the network, or at least limit them to a guest network.
8. Track and assess devices.
Businesses need to track everything connected to the network and monitor the flow of traffic. Devices need to be assessed to determine the level of access they should have, to keep them fully patched and up to date, and to protect data end-to-end to preserve its integrity. Unknown devices should flag an alert. Understanding which devices are connected and what they’re doing is a prerequisite for proper security.