Tip of the Week: Are You at Risk Due to the IoT?

The Internet of Things has arrived. IoT devices are in our homes, in our offices, and in our pockets. While these devices can be incredibly convenient, they also contribute to major security risks. For today’s tip, we’ll review some of the ways to reduce these risks while still benefiting from the IoT.

The first decision to make is whether connecting a device to the internet will be a big enough benefit to be worth the inherent risks. Depending on the device, an Internet of Things device could be used to spy on you, steal your data, and track your whereabouts. If the device in question offers you a helpful, worthwhile benefit, it may be worth the risk. If the connected device serves little purpose beyond its novelty, or its purpose could just as easily be managed in some other way, it may be best to leave it disconnected.

Are You as Secure as You Could Be?
First and foremost, be sure to change any passwords associated with the device to a password which is longer than 12 characters and hard to guess (i.e. not password123). Avoid reusing passwords between devices and accounts, so even if one of your accounts is comprised, the rest of your accounts are safe behind different credentials.

Finally, you should always make sure that your firmware is updated so the latest security patches are applied, protecting you from the various exploits and vulnerabilities that the IoT may present. If possible, this process should be automated so that your IoT devices, as well as your router (which ideally is a corporate-grade firewall with security gateway features), are fully updated.

It may also be a good idea to check if your router supports guest networking. With guest networking, you can keep potentially risky IoT devices segregated from your main business network, protecting its contents.

Are Your Devices Properly Monitored and Managed?
Ultimately, the best way to keep your company safe from IoT issues is to establish rules regarding the use of these devices and monitor their permissions. Consider whether or not a device even needs to be connected to the office Wi-Fi network.  For example, many of your employees’ smart watches can connect both to their smartphones through Bluetooth as well as to the office network through Wi-Fi.  Connecting to Wi-Fi is likely not necessary for the smart watch, and possibly for their smartphone as well if the phone is not being used for business purposes.  Rotating your guest Wi-Fi password regularly and keeping your main Wi-Fi password private from most staff will help significantly with both security and network performance.

Monitoring your network can help you identify if any unapproved devices have made a connection. Agilitec IT can help. Call (702) 720-1700 to learn more