Although the IoT devices used have many disadvantages, it does not necessarily mean that they cannot be solved and overcome. There are a number of approaches businesses can take to secure IoT devices and minimize risk, with different complexity and importance.
1. IoT devices need to change the password
Password login and multi-factor authentication may seem like an obvious first step, but 47% of IT staff don't change their default passwords and settings when connecting IoT devices to their internal network. The same rules that apply to accounts and device passwords should be used on IoT devices:
(1) Change your password once every 30 to 90 days.
(2) Use complex combinations of random letters, numbers, and symbols in passwords in different situations.
(3) Use two-factor or multi-factor authentication.
(4) Use a password manager - or ditch written passwords entirely for passwordless logins.
(5) Avoid sharing passwords among employees through insecure communication channels.
2. IoT devices should be kept away from the open Internet
IoT devices only work when connected to a larger network or device or cloud platform. However, it's best to connect IoT devices strictly to a business's internal network, rather than the open internet.
That's because, according to a threat intelligence investigation report published by NETSCOUT, IoT devices are vulnerable to cyberattacks about five minutes after they connect to the internet.
3. IoT devices are cautious about auto-connect options
By default, most IoT and smart devices have the option to automatically connect to the network. This in itself is a security risk for the average person, while it can increase the risk of a business being exposed to IoT cyberattacks.
About two-thirds of global companies found more than 1,000 corporate or individual IoT devices connected to their internal networks. Unlike IoT services released by enterprises, there is no way to ensure that all of these services have the necessary improvements to their security.
In addition to putting up barriers that prevent unauthorized IoT devices from connecting to the network, implementing a monitoring system should also be considered. Businesses can use it to keep tabs on all the health of a device and be alerted when something unusual happens, such as an abnormal data flow.
4. IoT devices disable all unnecessary features
Most IoT devices have many default settings enabled for convenience and productivity over security. After adding a new IoT device to the network, you need to review its settings and additional features, and disable any features that are not in use. Any type of data or additional service provided by an IoT device can be a potential security breach.
5. IOT devices cooperate with security oriented IOT manufacturers
For IoT devices, software updates are less frequent. When an update is made, businesses typically focus on improving the user interface or implementing a new feature or two.
By only sourcing IoT devices from security-oriented manufacturers, you can also ensure regular updates, which include security updates and reports of fixed bugs and vulnerabilities.