Are you aware of the risks that come with not properly securing IoT-connected devices? Do you know how to implement device security to protect both your personal networks and data, as well as those of your employer? If you can’t name all the smart technologies in your home, then your IoT device security is probably not up to par.
Most people can name the “big” devices that are networked in their home: computers, phones, iPads, printers. But is that really all of them? Many of us use devices every day that we might forget are even connected to our networks, including smart speakers, thermostats, security systems and even lamps and major appliances. In many cases, the technological capabilities that come built into these devices are so easy to set up and use that we may not pay much attention to the fact that they’re “smart;” we just know they make life easier. But effective IoT device security comes with a long list of challenges.
Smart devices are those connected on the so-called IoT – or Internet of Things. In the past 10 years, the total number of IoT devices has risen by 900% to approximately 9 billion, a number that is expected to reach 125 billion in the next 10 years. This growth highlights the rise in easy, smartphone-based access and control over our devices; almost every home appliance or system can now be controlled by an app. The question is, is this a positive change? On the one hand, IoT devices DO simplify things. But on the other hand, our lives are now filled with tiny, internet-connected computers capable of being hacked, just like any other computer.
How hackers can compromise IoT-connected devices
While a smart device getting hacked might seem like an odd or unlikely concept, it really isn’t. Hackers can exploit IoT devices in many ways, including stealing passwords, exploiting insecure or out-of-date firmware, or even injecting malware into a device that can then be used to infect PCs and other devices on your network. It’s even possible for hackers to use the information they glean from the hacked devices (i.e., using Alexa to listen in on personal conversations) to enact dangerous social engineering scams. With more of us working from home, a hacked smart speaker or home security camera could also mean the inadvertent leak of private business information. Finally, by hacking into a home security system, bad actors are capable of disabling alarms or accessing codes in order to physically break in.
If every IoT device was consistently maintained from a security perspective like computers are (or at least ought to be), the concern might not be so pressing. After all, when computers are maintained correctly and proper security protocols are followed – such as strong password use, avoidance of phishing emails and careful web browsing – security risks are minimal. Unfortunately, implementing IoT device security is more difficult than computer security. Smart devices are woefully prone to hackable vulnerabilities, as IoT For All does a great job at explaining.
For one thing, many manufacturers simply do not build the devices with strong security protocols in mind. Furthermore, the market is so competitive that manufacturers’ biggest priority tends to be getting their devices released first, even if that means that sufficient time has not been spent testing it for vulnerabilities. Finally, IoT devices tend to pass through a variety of different hands during manufacturing and release, leaving a number of gaps for security issues to develop and go undetected during the hand-off.
Beyond that, even if IoT devices are technically secure and possess all the necessary capabilities to be kept that way, there’s still the human component to contend with. Consider again all the IoT devices you might have in your house. Do you update them regularly the same way you do with your computer? Do you know how to check them to ensure that they haven’t been hacked? Would you know if your smart thermostat was infected with malware? Even for the most security-minded among us, it’s likely that our IoT devices just slip through the cracks. Given that fact, and that most of us will continue to live with at least some IoT presence in our lives, how can we go about securing IoT-connected devices?
First, minimizing the presence of smart devices is a good place to start
Weigh the respective benefits and potential risks of each device; do you really need a smart fridge, given that it could become an attack vector for a hacker to extract sensitive files? Some IoT devices are more necessary than others, but it’s reasonable to consider whether we utilize more of them than we need, merely for the sake of convenience. As you prioritize, do some research into which devices are considered the most risky; many security experts compile lists of the most commonly hacked devices that may help you prioritize.
Second, take stock of the devices you do have, and make a plan to maximize your IoT device security
Some manufacturers offer software updates that can help in securing IoT-connected devices. For devices that do, set reminders to check them periodically and update as available. You can also protect your devices by changing default passwords. Whenever possible, take the same precautions with your IoT devices that you would with your computer, and with the same regularity. If this isn’t possible, that may be an indicator that the device is more dangerous than it is beneficial.
Finally, be mindful of what devices are turned on when and what they could be compromised
Many smart devices – speakers are a prime example – are tracking more of your data than you might expect. Whether or not the device has been hacked, you may not want it listening in on important conversations or tracking your daily habits so closely. This is especially true in a work-from-home environment where company information, in addition to personal information, is being discussed and disseminated. During work hours, turn off any smart devices that have voice-recognition technology or could be used to track your work activity. Beyond that, keep in mind that any hacked device could gain access not just to your private information, but to your company’s network and data as well, making IoT device security an even more critical priority.
As internet technology matures, threats become more sophisticated. Attack vectors increase exponentially, making it feel nearly impossible to plan for every possible eventuality. However, recognizing that the threat is real and that there are steps we can – and must – take to counteract it is the first step toward IoT device security to protect your networks and data.
Global Learning Systems provides cybersecurity awareness training to help companies and their employees safeguard their networks and data. For more information on how to educate your employees to become more security-minded, contact us or request a demo.