5 ways to improve IoT security in your office

By Margot Leong
Published in The Envoy Blog, Jan 17, 2017

The Internet of Things (IoT) is poised to have a significant impact on facilities management, threading its way through communication, energy, and other building systems. Smarter systems have the potential for automation, meaningful data, cost effectiveness, better efficiency, and more granular control, as well as easier installation and maintenance.

But all that networked goodness comes with a risk, for now at least.

According to the World Economic Forum, business execs cite cyber risk as one of today’s top threats. And the rise of significant distributed denial-of-service (DDoS) attacks doesn’t make the IoT look any less risky; one in October 2016 deployed malware-infected devices to disrupt major sites like Twitter, Netflix, and PayPal.

But the IoT can’t be ignored. Devices such as smartwatches and other wearables, smart home setups, and even connected cars put the IoT within pinging distance of your network.

How can you improve IoT security in your office to mitigate the risks? Here are five ways to help keep your systems safe.

1. Hold onto a healthy dose of caution

While smart systems may be a good option in some situations, this may not be the right time to make a full-blown move to the IoT: Observers such as research company Forrester predict high-profile attacks in the coming year.

That’s enough to keep many a facilities manager awake at night. But Javvad Malik, security advocate at AlienVault, told TechRepublic such an event could also spur manufacturers to make security a higher priority for Internet-connected products.

“Everyday appliances (e.g., the iron, washing machine and dryer) are subjected to rigorous testing… but a similar approach is not being taken with respect to cybersecurity for IoT devices,” he said. “As a result, most are unsecure by design, and many vendors choose convenience (e.g., using default credentials in their appliances) over implementing proper security measures.”

2. Change your passwords

This may seem like IT Security 101, but login details are still too often overlooked. According to a report from Verizon, “63% of confirmed data breaches involved leveraging weak, stolen or default passwords.”

KrebsOnSecurity, run by security journalist Brian Krebs, was targeted by a device-powered DDoS attack in September 2016. In the aftermath, he took a look at how the malware behind the attack accessed devices.

“In all, there are 68 username and password pairs in the botnet source code,” Krebs explained. “However, many of those are generic and used by dozens of products, including routers, security cameras, printers and digital video recorders (DVRs).”

Set passwords using harder-to-crack best practices. For example:

  • The longer the password you choose, the better. Aim for something at least 12–14 characters in length.
  • Use a phrase. Using a series of words (e.g., a poem, a favorite quote) is much trickier to crack than a single word.
  • Don’t repeat your password across sites. Similar passwords are fine, but avoid using the same one for more than one account.

Resetting your passwords on a regular basis can also help you keep this particular line of defense solid.
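
An added example, not from the original post: a short Python audit that applies the three rules above, plus the default-credential problem Krebs describes, to a device inventory. The inventory, the sample default pairs, and the function name `audit` are constructed for illustration.

```python
import hashlib
from collections import defaultdict

MIN_LENGTH = 12  # lower bound of the 12-14 character guidance above

# Constructed sample of vendor-default pairs; a real audit would load the
# defaults documented by each device's manufacturer.
KNOWN_DEFAULTS = {("admin", "admin"), ("root", "root"), ("user", "user")}

# Constructed inventory: (device, username, password)
INVENTORY = [
    ("lobby-camera", "admin", "admin"),
    ("hvac-gateway", "facilities", "correct horse battery staple"),
    ("printer-2f", "ops", "Winter2017"),
    ("door-controller", "ops", "Winter2017"),
    ("conference-display", "av", "the quick brown fox jumps"),
]

def audit(inventory, defaults=KNOWN_DEFAULTS, min_length=MIN_LENGTH):
    """Return {device: [findings]} for every device that breaks a rule."""
    findings = defaultdict(list)
    seen = defaultdict(list)  # password digest -> devices using it
    for device, user, password in inventory:
        if (user, password) in defaults:
            findings[device].append("default credentials")
        if len(password) < min_length:
            findings[device].append(f"shorter than {min_length} characters")
        if len(password.split()) < 2:
            findings[device].append("single word, not a phrase")
        # Group by digest so the reuse map does not hold plaintext passwords.
        digest = hashlib.sha256(password.encode()).hexdigest()
        seen[digest].append(device)
    for devices in seen.values():
        if len(devices) > 1:
            for device in devices:
                others = [d for d in devices if d != device]
                findings[device].append("password reused on " + ", ".join(others))
    return dict(findings)

if __name__ == "__main__":
    for device, issues in audit(INVENTORY).items():
        print(f"{device}: {'; '.join(issues)}")
```

Devices that pass every check do not appear in the result, so an empty dictionary means the inventory meets all of the rules.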

3. Keep software current

There’s a reason why people put off software updates: The risk of disruption seems greater than the risk of a security breach. Why target the little guy? Unfortunately, that’s exactly what makes smaller enterprises a bigger target.

Find a balance between stability and keeping things up-to-date. Also encourage employees to be proactive with updates to their own devices.

One challenge, noted by the Internet Engineering Task Force (IETF), is that “many IoT devices [are] un-patchable, and if they cannot be patched, they cannot be made secure.”

Instead, the IETF says, “there must be a way to detect the intrusion and deploy software updates to fix the security flaws.” What that solution might be will vary, but there are platforms available and in the pipeline.

4. Limit the risk of user error

Where possible, define user roles that limit access to systems and features. Doing so helps minimize the chance that someone could:

  • Inadvertently make disastrous changes
  • Be tricked into installing malware onto your system
  • Leave your organization exposed if their login information is stolen
  • Maliciously attack your business from the inside

Also, the fewer user interfaces needed, the better. Running multiple systems through one controlled gateway means your employees will only have one dashboard to figure out.

5. Have a comprehensive backup plan

Some devices don’t work when the power goes out. But will they work if your Internet gets bogged down? What if a device malfunctions or — worst case scenario — gets infected or hacked?

Creating a backup plan includes thinking through physical authentication. Pass cards, key fobs, and other scannable devices can control and track access — but they can also be shared, copied, or stolen.

While you may not be able to predict every possible scenario, have failsafes in place and ready to use if needed.

If the message here seems to be “Hurry up and wait,” well, it is. There’s no question the IoT is the present and future of facilities management. But don’t let that promise, or the fact that the capabilities are undeniably cool, blind you to the careful planning and deep research needed for its adoption to go well.
