The Internet of Things (IoT) opens up endless possibilities for tech — both the good and the bad.
IoT devices have improved productivity, reduced home energy spending, and basically made lives easier. But they’ve also opened the backdoor for hackers and cybercriminals.
You might be thinking, “What could they possibly get from hacking my toaster?”
But no one’s laughing when hackers breach your corporate networks and retrieve a handful of sensitive information.
IoT throughout the years
IoT began in the early 1980s, when a group of Carnegie Mellon University graduates connected a Coke vending machine to their local Ethernet. This allowed them to know whether the machine was stocked or whether the Coke bottles were already cold.
Today, billions of things are connected to the internet — from watches, switches, thermostats, and even coffee makers. Soon, we’re looking into IoT vehicles, infotainment systems, automated teller machines, and medical devices.
A threat to cybersecurity
When it comes to cybersecurity, Singapore has a weak first line of defence.
In fact, almost half of Singaporeans have encountered at least one cybersecurity incident in the past year.
And although 84 per cent of them understood the risks involved, only 45 per cent installed security apps on their mobile phones.
This should concern SMEs and IT companies as they pick up on the bring-your-own-device (BYOD) trend. No matter how secure your system is, hackers will find every possible entry point to breach it.
You’ll never know the extent of a cyberattack until it happens to you. Don’t risk your business. Learn these five ways to protect your online assets in this IoT world.
5 Tips to Beef Up Your Business’ Online Security
Secure your devices with a VPN
One way of mitigating cybersecurity risks is to use a virtual private network (VPN) on your IoT devices.
A VPN-connected device encrypts all traffic running to and from it. Even if hackers intercept this traffic, they wouldn’t be able to interpret it. This keeps cybercriminals from launching targeted attacks, such as a distributed denial of service (DDoS).
This is also what a Secure Sockets Layer (SSL) certificate or HTTPS does. It encrypts traffic and makes it unreadable to a third party. Make sure to secure an SSL for your website — especially if it contains sensitive data about you or your customers and clients.
It’s basically impractical to install a VPN on every desktop and mobile device in an office network. A solution to this is using a VPN router, which automatically protects every device it’s connected to.
For BYOD policies, make sure employees install native VPN apps to protect their devices even outside the office.
Change default passwords
A Russian hacking group got into several IoT devices of Microsoft customers due to two things: one device didn’t get a security update and the other still had its default password.
Through these compromised devices, the hackers were able to access and move across the network in search of high-value data.
Individuals and enterprises can learn from this incident. Most manufacturer default passwords are universal and easy-to-guess.
The UK-Singapore IoT security pledge also brought up this major concern. In their goal to improve the security of smart consumer products, they recommend that manufacturers avoid common security shortcomings, such as the use of universal default passwords.
Protect your devices against cybercriminals. Here are some tips to create a strong password:
- Don’t be obvious. Stop using 123456 or password.
- Make it longer than 15 characters.
- Avoid “leetspeak” substitution, like p4$$w0rd or d00Rb3ll.
- Put in bizarre and unique words, such as a local business, a foreign word, etc.
- Use reliable online tools, such as a password generator and a password manager.
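The tips above can be turned into an automated check. The following is an added example, not part of the original article: it rejects short passwords, obvious words, and leetspeak variants of obvious words, and generates a random replacement. The word list, substitution map and function names are assumptions constructed for illustration.

```python
import secrets
import string

# Constructed sample blocklist and substitution map (assumptions for this
# example); a real deployment would use a much larger breached-password list.
COMMON_WORDS = {"password", "123456", "doorbell", "admin", "qwerty", "letmein"}
LEET_MAP = str.maketrans({"4": "a", "@": "a", "3": "e", "0": "o", "1": "l",
                          "!": "i", "$": "s", "5": "s", "7": "t"})
MIN_LENGTH = 16  # the tip above: longer than 15 characters


def normalise(candidate: str) -> str:
    """Lower-case the candidate and undo common leetspeak substitutions."""
    return candidate.lower().translate(LEET_MAP)


def check_password(candidate: str) -> list[str]:
    """Return the tips the candidate violates; an empty list means it passes."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    lowered = candidate.lower()
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("obvious word")
    elif any(word in normalise(candidate) for word in COMMON_WORDS):
        problems.append("leetspeak of an obvious word")
    return problems


def generate_password(length: int = 20) -> str:
    """Generate a random password with the OS CSPRNG that passes the checks."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = string.ascii_letters + string.digits
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    for sample in ["123456", "p4$$w0rd", "d00Rb3ll", generate_password()]:
        print(sample, check_password(sample) or "ok")
```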
Use a multi-factor verification system
Skilled hackers can still crack the strongest of passwords.
This is why a multi-factor login is essential for any IoT device.
Add a second layer of protection to your assets by implementing two-factor authentication (2FA). There are different types to consider, including:
- A text message code — The most common two-factor form is the least secure of them all. SMS messages aren’t encrypted, so hackers can easily steal them.
- An authenticator app code — The code is sent through a mobile app, such as Authy, Google Authenticator, and the like. An HTTPS connection protects the code so you don’t have to worry about hackers snooping in. Just make sure your device is free from malware.
- A biometric — This login form is common in enterprise settings. Specialised hardware takes a scan of your fingerprint, iris, or face. Although more advanced, hackers can still spoof it through 3D printing technologies.
- A physical key — Security keys are the strongest 2FA method. Since only legitimate sites support them, they keep phishing attempts at bay. Even Google finds them reliable.
To amp up your cybersecurity measures, you can implement multiple layers together for a three-factor authentication. This further minimises the attackable cyberspace — requiring the device, user, and application to authenticate the login.
Use effective mobile device management
Gone are the days when only desktop computers connect to a corporate network. Today, mobility is the norm, especially among digital enterprises.
Mobile devices, such as smartphones and laptops, make it easier to carry out the work.
For instance, web development agencies need them to test a website’s responsiveness to mobile. Plus, these agencies may be implementing BYOD — which further puts cybersecurity at risk.
The challenge falls to IT managers: How do you manage these devices with minimal security risk?
The solution is a good mobile device management (MDM) program. For a program to succeed, you’ll need reliable MDM software. This should benefit your business in many ways:
- Reduce IT administration
- Improve end-user productivity
- Reduce IT risk by streamlining cybersecurity measures
- Minimise mobile device spending as it helps optimise unused devices
Several recommended MDM software products are on the market, such as Cisco Meraki, Jamf, and IBM MaaS360.
Educate employees about cybersecurity
Many corporate leaders are aware of the importance of cybersecurity. But not all of them are actually practising it in their businesses.
Truth is, good cyber hygiene is not just one department’s concern but the entire organisation’s.
All of your employees need to know the security threats they’re likely to face in the future. This includes how they work, how to identify them, and how to carry out the next steps upon getting them.
Here are some basic guidelines you can teach your staff:
- Don’t act on a certain email — like clicking on a link or providing information — if you’re unsure of its sender.
- Don’t give out sensitive information over the phone.
- Be conscious of what’s asked of a suspicious request, such as account credentials or personal information. These aren’t usually disclosed in blatant methods.
Enhance cybersecurity training by testing your employees. Conduct a simulation of a phishing attempt or a DDoS attack and see how they respond. This brings your staff one step ahead of the real risks out there.
Most people make the mistake of thinking a cyberattack won’t happen to them. And when you’ve got clients and customers relying on you, you can’t afford to make this mistake. IoT can take your business to greater heights — but only if you put the right cybersecurity measures in place.
Make sure to be with a secure hosting provider that won’t compromise your business.