Did you know, “90% of organizations lack full confidence” in the security of their IoT devices, according to the 2015 AT&T State of IoT Security survey? Chances are pretty high that you’re one of those organizations!
AT&T’s study found that in the last two years, vulnerability scans of IoT devices have increased 458%! There may be a ton of potential benefits from implementing connected devices, but with reward comes high risk. Have you implemented a security strategy with your IoT plan?
Follow these basic requirements, as outlined in the report, to lay a foundation of security for your connected devices:
Be up to date. Every device needs a way for you to ensure that its software and firmware are up to date. The ideal process is automated (e.g. software-over-the-air/SOTA and firmware-over-the-air/FOTA) and allows updates from an authorized source such as your IT department.
It can be reset. Every device must have a way to reset it to system default if necessary.
Do not allow default passwords. Default passwords are easy to hack and should not be permitted. Require users to define a unique and secure password on their device before it is granted access to the network.
Core services only. Do not accept services from a device that are not defined as required to support core functions.
Shut the back doors. Ensure that devices do not have entry points that could be exploited by a vendor or others to gain access.
Get support. The device makers should provide good online support that includes manuals, updated instructions and access to updates. There should also be contact information in order to report any problems.
Label it. Put a basic label on each device that includes support information and information about the authorized operator.
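The machine-checkable items on this list (updates, default passwords, core services, labeling) can be enforced as a network admission gate. The sketch below is an added example, not code from the AT&T report; the device classes, firmware versions, service names and credentials are all constructed assumptions.

```python
from dataclasses import dataclass, field

# Assumed policy values (constructed): core services and minimum firmware per class.
CORE_SERVICES = {"camera": {"rtsp", "https"}, "thermostat": {"mqtt-tls"}}
MIN_FIRMWARE = {"camera": "2.4.1", "thermostat": "1.10.0"}
# Constructed examples of factory credentials that must never be accepted.
FACTORY_CREDENTIALS = {("admin", "admin"), ("root", "1234")}

@dataclass
class Device:
    name: str
    device_class: str
    firmware: str
    credential: tuple            # (user, password) presented at enrollment, not stored
    services: set = field(default_factory=set)
    auto_update: bool = False    # SOTA/FOTA from an authorized source
    support_label: bool = False  # support info and authorized operator on the device

def version_tuple(v):
    """Parse dotted versions numerically so that 1.10.0 sorts above 1.9.0."""
    return tuple(int(part) for part in v.split("."))

def audit(dev):
    """Return the checklist items this device fails; an empty list means compliant."""
    if dev.device_class not in CORE_SERVICES:
        return ["unknown device class"]  # fail closed: no policy, no access
    findings = []
    if version_tuple(dev.firmware) < version_tuple(MIN_FIRMWARE[dev.device_class]):
        findings.append("firmware out of date")
    if not dev.auto_update:
        findings.append("no automated update path")
    if dev.credential in FACTORY_CREDENTIALS:
        findings.append("default password")
    extra = dev.services - CORE_SERVICES[dev.device_class]
    if extra:
        findings.append("non-core services: " + ", ".join(sorted(extra)))
    if not dev.support_label:
        findings.append("missing support label")
    return findings

def admit(dev):
    """Grant network access only when every check passes."""
    return not audit(dev)

# Constructed sample inventory.
SAMPLE = [
    Device("lobby-cam", "camera", "2.4.1", ("ops", "T9#vd-unique"), {"rtsp", "https"}, True, True),
    Device("dock-cam", "camera", "2.3.9", ("admin", "admin"), {"rtsp", "telnet"}, False, True),
    Device("hvac-3", "thermostat", "1.9.4", ("ops", "k2!Lm-unique"), {"mqtt-tls"}, True, False),
]
```

Reset capability and vendor back doors are not covered here; they need hands-on device testing rather than an inventory check.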
Organizations in every industry are reaping the benefits of the new world of IoT implementations, but they come with risks. Make sure you’ve assessed these risks and are taking the best approach to securing devices, so you can see new business value while feeling confident about keeping potential risks in check.