Image source: <a href=”https://www.freepik.com/free-photos-vectors/mockup”>Mockup psd created by freepik – www.freepik.com</a>
IoT seems to be the buzzword these. But as a concept, it’s not a new technology.
20 years ago, in 1999, Kevin Ashton at Proctor & Gamble coined the term ‘Internet of Things,’ way before it took over our lives. With over 6 billion connected devices on the planet now, the number could surpass 50 billion within the next decade.
That makes it clear – IoT is here to stay.
But what exactly is IoT?
Let’s find out!
So, what is IoT?
The term ‘Internet of Things’ basically refers to a gamut of interrelated devices, machines, and humans (or even animals), that has the ability to transfer data over a connected network. It doesn’t always require Human-to-human or human-to-computer interaction.
The benefits of IoT devices are endless. However, security concerns with respect to cyber-attacks remain a constant threat.
‘Most IoT devices are a hacker’s dream. Each smart device is potentially another way into your home – to access your data, abscond with your money and steal your identity’, opined Michael Gazeley, a cyber-security expert at Network Box. That’s why, when it comes to your IoT devices, taking any risk whatsoever is never an option.
As they say, ‘Better safe than sorry.’
Here are some useful tips to protect your IoT devices from cyber-attacks:
1. Rename your router
It may sound very childish, but renaming your router can go a long way in preventing cyber-attacks. A lot of times, the router name set by the manufacturer involves hints to the model and make. This information can aid a potential hacker. To prevent this, it’s a good practice to change the default name.
2. Secure your router
Many cyber-attacks aimed at IoT devices can involve routers. Criminals can access your network through them.
A glaring example is the VPNFilter malware attacks of 2018. An attack that spanned 50 countries and affected over 500,000 routers.
Ensuring your router is absolutely secure is very important, and regular check-ups using online tools can help maintain that.
3. Update security patches
All of your smart devices inevitably send you reminders that there is a new security update available. Many of us don’t pay heed to those messages. But ideally, you should. System updates are offered to you by the companies to bridge any gap that your device may be having against external threats.
When you update, you secure your device against such attacks, but if you don’t, you remain vulnerable to potential cyber-attacks. Theoretically, you shouldn’t miss any security updates.
4. Disconnect your smart devices
An excellent precaution is to disconnect your smart devices when not in use. This could stave off many potential attacks. When smart devices are connected and are not in use, and a hacker breaches your network, they get immediate access to your devices.
Device breaches, particularly video-enabled ones like your smart TV or smartphone, can let hackers access highly sensitive personal and business data, which can be extremely harmful in the long run. It’s a good practice to keep your devices disconnected and off the grid when not in use.
5. Employee training
Your employees handle the bulk of the business for you. It is imperative that they understand what they should and should not do.
Malware attacks targeted at IoT devices are on the rise. In fact, the 2019 Internet Threat Report of Symantec reported that the number of malware attacks increased by 25% in 2018. And a major part of it is done through emails.
Unsuspecting employees open emails that are laced with malware, only to inadvertently infect and compromise business data.
Take a look at this. According to Breach Investigation Report 2019 by Verizon, emails were responsible for 92% of malware attacks in over 60 countries.
To avoid these incidences, proper employee training is of paramount importance, and considerable investment should be made on it. Employees should be regularly updated about current safe practices, offered hands-on training, and tested at regular intervals to keep them up to date with the market.
If possible, make sure to encourage and even provide funding so that your employees can acquire legitimate cyber-security certifications.
6. Password protect all devices
The least you can probably do while ensuring the security of your IoT devices is ensuring that they are password protected.
Many devices, including routers, come with a default password that can’t be changed. Those are very easy targets for hackers since the passwords are public knowledge. Those devices or routers should be avoided entirely.
When you are setting your password, a good practice is incorporating a healthy mix of symbols, characters, and numbers. A long and strong password makes it exponentially harder to be breached.
7. Use separate passwords for devices and accounts
The majority of businesses use the same password for different accounts and devices on a network.
There are very few things that are more dangerous when it comes to your data security. Because once a hacker is onto your network and a device, they essentially have access to all the accounts across all devices, simply because the passwords are the same. So, in essence, once an account is compromised, you give up your entire database in such a scenario.
Businesses tend to think ‘This can’t happen to me.’ Well, it can, and it just might. Even Yahoo!, with all its clout, had to suffer a cyber-attack in 2013 that compromised it’s 3 billion accounts.
So it’s better to bridge any gaps your business security may have, rather than rue it later.
As Mike Tyson once said, ‘Everyone’s got a plan until they get punched in the mouth.’
8. Universal Plug and Play (UPnP)
Disabling the UPnP on your business devices is one of the things you should immediately do if you haven’t already. UPnP allows the device ports to open themselves to an external network, making it extremely vulnerable to malicious attacks. UPnP also slows down your router speed in many cases.
A great example of UPnP attack is when 100,000 routers were infected across homes and businesses, taking advantage of UPnP flaws.
UPnP should not be kept ‘on’ at all times. When you’re not using it, turn it off, to save yourself a truckload of trouble later, just in case.
9. Install firewall
A firewall is a virtual wall that helps prevent cyber-criminals, hackers, and viruses from breaching your security over the Internet by denying unauthorized traffic.
Some computer systems come with a default firewall, which may be sufficient in maximum cases.
If you still feel you should get additional security, you can install one yourself, tailored to meet the demands of your business entirely.
Wrap-Up
Data breaches are fast becoming a part of life, albeit a bitter one. No business is free from its attack, whether it be a small business or a Fortune 500 company. The average global cost of a data breach is $3.6 million, and its set to increase year-on-year.
And according to the Hiscox Cyber Readiness Report 2018, 7 out of 10 businesses are not prepared to respond to a cyber-crime.
It is time we became serious about fighting this threat, and the start should be with securing our IoT devices.
Author Name: Lucy Manole