How to Secure IoT Devices

Eleanor Bennett

Whether it’s a convenient smart home or a business optimized for efficiency and productivity, the Internet of Things (IoT) has become an indispensable part of daily life and modern business operations. However, as the network of smart devices grows in number and complexity, it’s become increasingly apparent that the risks they bring about can no longer be ignored in favor of all their benefits.

During the past couple of years, IoT has come under intense scrutiny because of its weak security. Close to 70 percent of organizations worldwide suffered from an IoT-sourced cyberattack. The numbers are only expected to grow as IoT use increases and hackers become more familiar and comfortable with the tech.

How to Keep IoT Safe

There are countless ways you can secure your IoT network devices and minimize the risks. Some are more complex than others as they provide different levels of security.

Whether you implement all of the suggested security measures should depend on your threat model and on whether the risk outweighs the effort. The measures below run from the least complex to the more intensive.

Skip All Defaults and Double-Down on Passwords

The least you can do to keep your IoT network and devices secure is to set strong passwords and usernames that differ from the defaults. Change passwords regularly, every 30 to 90 days. If you have a complex network with numerous devices, use a password manager to avoid similar or straightforward passwords, which put you at greater risk.

When you first add a device to your existing network, go through its settings and customize it to your exact needs, disabling features you don’t use. Most modern IoT devices connect with networks and other devices when they’re in close vicinity. While that might be beneficial in an active office environment, it also creates a security gap through which an unauthorized user could easily connect to your network.

Use Multi-Factor Authentication

Multi-factor authentication (MFA) is your backup if your password fails, either because it was in a data leak or an attacker figured it out through brute force. Like other security measures, the complexity and number of authentication steps you add should correlate to your threat model and the level of security you’re after.

MFA can be as simple as receiving a text message with a unique code every time you log in or generating a code natively on your smartphone—which are options for two-factor authentication. Higher MFA levels include physical authentication, where you need to insert a physical key—usually a USB stick—to log in. In high-security networks, MFA includes biometrics or verifying the time and geographical location before allowing you to log in.

Keep Software Up-to-Date

Software updates aren’t just for a sleeker user interface or added features. They often fix old bugs and patch security vulnerabilities. Failing to keep IoT devices’ software up to date at all times leaves your network susceptible to attacks, especially if they’re connected to the internet often.

Encrypt Your Connection When You Have to Go Online

There are multiple ways you can secure your internet connection by encrypting the data exiting your internal network and disguising any sensitive information or vulnerabilities. One of the simplest is to use a VPN. A VPN changes a device’s IP address and encrypts all the data leaving it, creating an additional layer of security. Most VPNs also offer a “kill-switch” feature, which cuts your internet connection if the VPN crashes. That ensures your IoT device never makes contact with the open internet unprotected.

Secure Internet Connection

Start with the router, which is the gateway between your IoT devices and network and the open internet. Left unsecured, it’s an easy opening for outsiders to exploit. Replace the router’s default network name, admin username, and password with secure alternatives and change them regularly.

Second, set the highest level of encryption your router has. If it only supports weaker levels, consider upgrading to a newer router that supports WPA2 encryption. You can also take internet security one step further by creating separate networks for your IoT devices and personal devices.

Set a Monitoring System

In environments that host elaborate networks of IoT devices and use them to run critical operations and analyze sensitive data, it’s essential to keep a close eye on the state of the devices and data flow. A monitoring system tracks your devices’ health and sends out alerts if anything is out of the ordinary. That could be an unusual data flow, suspected unauthorized access, or a connection to the internet or to other devices in the network.
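The alerting logic such a monitoring system applies, sketched as an added example that is not from the original article. The flow records, device names, the `192.168.20.0/24` IoT subnet and the three-sigma threshold are all constructed assumptions.

```python
import ipaddress
import statistics
from collections import defaultdict

IOT_SUBNET = ipaddress.ip_network("192.168.20.0/24")  # assumed internal IoT range

# Constructed flow records: (device, destination IP, bytes sent in one interval).
BASELINE = [
    ("thermostat-1", "203.0.113.10", 1200), ("thermostat-1", "203.0.113.10", 1100),
    ("thermostat-1", "203.0.113.10", 1300), ("thermostat-1", "203.0.113.10", 1250),
    ("camera-1", "198.51.100.7", 50000), ("camera-1", "198.51.100.7", 52000),
    ("camera-1", "198.51.100.7", 48000), ("camera-1", "198.51.100.7", 51000),
]
OBSERVED = [
    ("thermostat-1", "203.0.113.10", 1180),
    ("camera-1", "198.51.100.7", 900000),
    ("camera-1", "192.168.20.15", 400),
    ("thermostat-1", "192.0.2.99", 1300),
    ("plug-9", "203.0.113.10", 100),
]


def build_profile(flows):
    """Learn each device's usual destinations and per-interval volumes."""
    profile = defaultdict(lambda: {"dests": set(), "sizes": []})
    for device, dest, size in flows:
        profile[device]["dests"].add(dest)
        profile[device]["sizes"].append(size)
    return profile


def detect(profile, flows, sigmas=3.0):
    """Return (device, alert kind, destination) for every out-of-profile flow."""
    alerts = []
    for device, dest, size in flows:
        known = profile.get(device)
        if known is None:  # a device that never appeared in the baseline
            alerts.append((device, "unknown-device", dest))
            continue
        if dest not in known["dests"]:
            internal = ipaddress.ip_address(dest) in IOT_SUBNET
            kind = "new-internal-peer" if internal else "new-external-destination"
            alerts.append((device, kind, dest))
        mean = statistics.fmean(known["sizes"])
        # Floor the spread at 10% of the mean so steady devices do not alert on jitter.
        spread = max(statistics.pstdev(known["sizes"]), 0.1 * mean)
        if size > mean + sigmas * spread:
            alerts.append((device, "unusual-volume", dest))
    return alerts
```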

Utilize Network Segmentation

Network segmentation is the process of splitting an internal network into multiple, separate sub-networks. While the segments can communicate on occasion, they’re generally independent and isolated from one another. A flat network, where all devices are connected, including IoT and employee devices, is often protected by a firewall or endpoint protection and detection software.

In a flat network, a successful cyberattack gives the attacker access to the entirety of the network. Network segmentation prevents that, minimizing damage and limiting the attack area. It also allows you to focus limited security resources on the segments with the most critical data.
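To put a number on "limiting the attack area", the added example below (not from the original article) compares what a single compromised device can reach in a flat design and in a segmented one. Host names, segment names and the allowed flows are constructed, and the model deliberately treats every allowed flow as a full pivot, so it gives an upper bound.

```python
from collections import deque

# Constructed inventory: host -> segment it sits in.
SEGMENTED = {
    "camera-1": "iot",
    "thermostat-1": "iot",
    "iot-gateway": "iot-mgmt",
    "laptop-7": "staff",
    "laptop-8": "staff",
    "payroll-db": "finance",
}
# Allowed inter-segment flows as (source segment, destination segment).
# Anything not listed is assumed to be dropped at the segment boundary.
ALLOWED = {("iot", "iot-mgmt"), ("staff", "finance"), ("staff", "iot-mgmt")}

# The same hosts on one flat LAN: a single segment, no internal boundaries.
FLAT = {host: "lan" for host in SEGMENTED}


def blast_radius(start, host_segment, allowed):
    """Hosts reachable from a compromised `start`, pivoting through each host reached."""
    seen, queue = {start}, deque([start])
    while queue:
        src_seg = host_segment[queue.popleft()]
        for host, seg in host_segment.items():
            # Reachable if in the same segment or behind an allowed flow.
            if host not in seen and (seg == src_seg or (src_seg, seg) in allowed):
                seen.add(host)
                queue.append(host)
    return seen - {start}


def exposure_report(host_segment, allowed):
    """Blast-radius size per starting host, largest first, to show where to tighten rules."""
    sizes = {h: len(blast_radius(h, host_segment, allowed)) for h in host_segment}
    return sorted(sizes.items(), key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    print("flat:     ", sorted(blast_radius("camera-1", FLAT, set())))
    print("segmented:", sorted(blast_radius("camera-1", SEGMENTED, ALLOWED)))
    print(exposure_report(SEGMENTED, ALLOWED))
```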

Focus on Flexibility and Scalability

Regardless of the security measures you decide to implement, it’s important to consider scalability and flexibility, especially with the more complex security solutions. Switching to a smaller or larger network of IoT is inevitable as needs and budgets fluctuate. Having a flexible security system in place will allow for a smoother and safer transition when needed.

Author
Eleanor Bennett, Logit.io

Contributors
Guest Writer
Guest writers are IoT experts and enthusiasts interested in sharing their insights with the IoT industry through IoT For All.