The Internet of Things (IoT) has gone from one of those “space-age” concepts to something we see in our homes and offices every day. Smart speakers are now used widely and have begun heading into the office along with many other IoT devices.
It’s estimated that this year alone, 35 billion IoT devices will be installed globally. Further, 83% of surveyed companies say they’ve boosted efficiency through the use of IoT.
Amazon even now is pushing Alexa at Work, which provides a connection for its popular voice speakers to work productivity applications for hands-free functionality.
But the adoption of all these new internet-connected devices, such as IP security cameras, smart lighting, wireless printers, and more, into the business technology ecosystem, doesn’t come without drawbacks.
Malware attacks on IoT devices have increased by 220% between 2017 and 2019, and 98% of IoT traffic isn’t encrypted by the device, which means major data exposure.
Use IoT Responsibly in Your Workplace
Despite the security concerns, IoT isn’t going anywhere, and use will continue to accelerate as more business tools become internet-connected. So, what Massachusetts businesses need to focus on is setting up and those new smart devices securely.
Here are several tips to ensure your IoT devices aren’t leaving your network exposed to a breach.
Immediately Change Device Passwords & Usernames
IoT devices will typically come with a manufacturer default username and password to allow you into the system settings to set up the device. Hackers have lists of all of these and will often begin attempting to breach devices shortly after they’re connected online.
It’s important as your first step during setup to change the default username and password used to access the device. Remember, the device name is often the name that appears on your network. Here are a few rules of thumb when choosing a device name:
- Don’t use personally identifiable information (e.g., your address or business name)
- Don’t use the device name or manufacturer’s name (this makes it easy for the hacker to know how to get in)
- Don’t identify where the device is (e.g., “Front door security camera”)
Update the Device’s Firmware
Another initial step you want to take during device setup is to download and install any firmware updates.
The firmware tells a device how to operate and it is often targeted by hackers. You should put all IoT devices on a regular schedule to check for and apply firmware updates to keep your network secure.
Put IoT Devices on a Separate Network
In the technology world, IoT devices are considered one of the least secure, while computers and servers are considered the devices that hold the most valuable information.
By sharing the same Wi-Fi with an IoT device, you put the data that computers and servers contain at a higher risk of a breach. Hackers can often use an IoT device to locate other devices on the same network. They can then unleash malware designed to spread and infect them all.
A best practice for setting up IoT devices at your business is to segment your router by setting up a guest network. Most routers give you the guest network option, which then creates another Wi-Fi network.
You should then connect IoT devices to the guest network and keep more sensitive devices, like computers and servers, on the other network. This provides an important level of separation that reduces data breach risk.
Disable Additional Features You Don’t Need
IoT devices often have additional sharing features that hackers can exploit to gain access to your device and network. Many of these will default to being in the “on” position, and you may not even realize they’re leaving you at higher breach risk.
One example is a setting in Ring security cameras and Amazon Echo devices that default to joining the Amazon Sidewalk shared neighborhood network. If you don’t turn this off, a portion of your business network bandwidth could be used by people who happen to be in range outside your business.
You want to be sure to thoroughly review each setting for the IoT device and turn as many off as possible to reduce risk.
Enable Multi-Factor Authentication
For any devices that allow it, you should enable multi-factor authentication (MFA). This makes it much more difficult for a hacker to breach the administrative login for your device settings.
During device setup, you should look for an MFA option right after you change the default username and password.
Don’t Let Smart Devices Put Your Business Data at Risk
Pro Tech Guy can help your Framingham business ensure your IoT devices are set up securely and are segmented properly on a separate Wi-Fi network for added protection.
Contact us today to learn more. Call 508-364-8189 or reach us online.