Internet of Things (IoT) devices have become common in today’s workplaces. This trend is largely positive, too, with these gadgets offering many tangible benefits like increased efficiency and real-time data insights. However, you should also consider vulnerabilities when setting up these networks – including having unsecured IoT devices.
Workplaces are implementing more IoT devices, and many unknowingly provide cybercriminals with an expanding world of opportunities. It’s certainly possible to use these systems safely, but it requires action that many businesses and users overlook. Here’s a closer look at how unsecured IoT devices can create vulnerabilities and how to secure them.
How IoT Device Vulnerabilities Endanger Your Network
The Internet of Things has become just as popular among cybercriminals as it has with users. One report from cybersecurity firm Zscaler found that IoT attacks rose by 700 percent year over year between 2019 and 2020. Here are a few of the most significant reasons.
The biggest reason IoT device vulnerabilities are such a threat is that they expand your attack surface. The more items there are on a network, the more potential entry points hackers have into it. Consequently, modern businesses’ rapid IoT adoption means cybercriminals have more opportunities than ever to breach these systems.
Conventional electronics like computers present a similar issue, but the danger of IoT devices is that they don’t seem critical at first. However, cyberattacks often target the weakest link and move to more sensitive systems and data. An IoT thermostat may seem innocuous, but a hacker could use it to break into the network and jump to a work computer or server.
This concept is called ‘lateral movement,’ and it can be difficult to manage if you don’t know about it. As a result, IoT adoption without improved security can endanger your whole network.
Limited Built-in Protections
Compounding the threat of lateral movement is the fact that many IoT devices lack sufficient built-in security. Anti-malware software, automatic updates, and encrypted traffic are almost standard in computers and other workplace electronics. That’s not the case with the Internet of Things.
IoT devices tend to serve specific functions and come in small packages, so they may not have the computing power to support advanced protections. The security software you use on other items may not work on IoT, leaving holes in your security.
Poor default settings take IoT device vulnerabilities further. These gadgets often have weak passwords, with “admin” appearing 21 million times in a mere month of study. Similarly, multifactor authentication (MFA) and network encryption are often off by default.
The way IoT devices contribute to IT sprawl presents another challenge. Companies may have more connected devices on their networks than they realize, making it harder to understand the risks.
IT managers likely know all the companies’ IoT devices, but employees’ personal devices muddy the waters and create more unsecured IoT devices. Smartwatches and other wearables are becoming more popular, and workers are bringing potentially unsecured endpoints to company networks without administrators knowing. This may seem harmless at first, but it heightens the risk of lateral movement.
It’s hard to track every device employees may connect to the company network. It’s even harder to verify their security, as these gadgets likely lack the protections that IT professionals require from business items. Consequently, consumer devices may pose a risk even if a workplace has no IoT networks of its own.
How to Secure IoT Devices
IoT device vulnerabilities are concerning, but thankfully, they’re fixable. Once businesses know how these gadgets can threaten their networks, it’s easier to protect them. Here are a few of the most important steps to secure these items.
Segment Your Network
One of the most critical security steps is to segment networks. This addresses IoT’s most significant vulnerability: lateral movement. Potentially insufficient security is less of a concern if it’s impossible to jump from an IoT device to a more sensitive endpoint.
There are two main approaches to this step: using entirely separate networks on different routers or setting up guest networks for IoT devices. Some routers can support up to six guest networks, making segmentation easy, but using separate hardware may be more secure. That way, the router won’t become a potential access point to sensitive data.
Remember to create a dedicated network for employees’ personal devices, too. Businesses often use a guest network for customers. However, they should also have one for workers’ phones, smartwatches, and other gadgets to ensure their lack of security doesn’t endanger critical systems.
Change Device Settings
Another important step to secure IoT devices is to change their settings from weak defaults. The most obvious culprits here are passwords. Before letting anything else connect to an IoT device, you should change the password to something stronger and enable MFA if the system supports it.
Next, businesses should ensure they encrypt all IoT data. You may have a few encryption options on some more advanced devices, and if that’s the case, go for the strongest one possible. You can also change your router settings to encrypt network traffic as an added layer of protection.
Updates are another area where IoT default settings often fall short. Enable automatic updates to ensure your firmware always has the latest protections, and choose devices with verification tools.
Employ Stricter Device Policies
Companies should revisit their device policies. Bring-your-own-device (BYOD) policies are almost a standard practice today, with 83 percent of companies allowing them for at least some employees. However, only 32 percent require workers to register them to install security software, creating vulnerabilities.
Even if businesses don’t require personal IoT devices to have security software, they should ensure employees register them. That way, network administrators have a better idea of what their attack surface looks like, making securing it easier.
Companies with particularly sensitive data may want to ban personal IoT devices in the workplace to limit unsecured IoT devices. This restriction can help minimize IoT device vulnerabilities, whether that applies to all employees or just those working with sensitive systems.
IoT Device Vulnerabilities Deserve Attention
Device manufacturers may improve built-in security features as IoT security issues become more prevalent and businesses emphasize IoT security. That will make it easier to secure IoT networks, letting you experience their full benefits without worrying about their vulnerabilities.
IoT has many pluses, but if companies don’t address its shortcomings, it could be more dangerous than it’s worth. Learning about vulnerabilities and following these steps will help businesses ensure IoT security pitfalls don’t counteract their advantages.