We find ourselves in a world where an ever-increasing number of devices are communicating with one another for our convenience. With that in mind, when was the last time you reviewed which devices are operating within your network and what critical systems and information are those devices exposed to?
What Is IoT?
Internet of Things (IoT) refers to internet-enabled devices that can connect and exchange information with one another as well as with the cloud. IoT is more than just your typical devices (computers, mobile devices, etc.) - it includes smart TVs, smart speakers, smart light bulbs, smart watches, and the list goes on. IoT is coming at us in many shapes and forms, some of which are quite alarming, such as insulin pumps and pacemakers. We are now seeing businesses adoping IoT at the workplace. You get the point. And by all predictions, the number of devices is increasing at an exponential rate.
What Are the Risks associated with IoT?
Some companies producing IoT products, especially the unknown and cheap ones, do not necessarily have your security in mind throughout the product design process and beyond. There is also a massive target on the backs of these IoT devices since they are embedded so deeply in our operations and homes. For the above reasons, you can rest assured that cybercriminals are constantly looking for ways to exploit IoT devices.
There are also major privacy risks with many IoT devices set to listen out to certain words (ie. listen to entire conversations and sift through the data on the fly). Try talking about booking a trip to Zimbabwe in front of Alexa, and you may just find ads related to Zimbabwe vacations the following day. That example is benign but think about the risk to corporations and their intellectual property when a meeting is held in a room with an insecure IoT device.
Over the last few years we have seen cases of IoT devices being used to hack security systems, car functions being altered, credit card details stolen, and even medical scans being tampered with at hospitals. This is just the beginning and the more IoT devices we introduce, the more exposed we are.
How Can I Securely Introduce IoT Devices into My Home or Business?
Before introducing IoT devices into your home or business, it is important to do some due diligence. As more devices get introduced with the proliferation of IoT, policies and procedures must be put in place to ensure these devices are secure.
Some good first steps:
- Restrict IoT devices to connect to a separate network (e.g. guest Wi-Fi)
- Change the default password as soon as you connect your device. Be sure to use a complex & unique passwords throughout all your devices and accounts and seek out help from your IT provider or Cyber Unit if you are struggling with passwords.
- Use two-factor authentication as an extra layer of security. If a two-factor authentication feature is not available, consider replacing the device right away as it is an indicator that the vendor does not pay attention to security
- Ensure data generated by IoT items is encrypted
- Turn on automatic updates or schedule manual updates into your calendar
- Read reviews and security ratings on your manufacturer/product of choice
- Turn off devices when not in use and/or consider turning off unnecessary features
- Consult with your IT provider or Cyber Unit for a second opinion