The internet of things (IoT) has revolutionized the way we do business. Connected devices are at the junction of our physical world and the cyber world, allowing us to follow supply chains in real time, monitor physical plants and remotely control security cameras, alarm systems, thermostats and a multitude of other devices. With connected devices, businesses can collect data in real time to make proactive decisions. However, with smart technology comes new security concerns. Each device connected to your network is a potential opening for hackers.
This vulnerability has become dramatically evident with the rise of high-profile cyberattacks that have impacted popular websites such as Amazon, PayPal and Twitter. Hackers took control of connected household devices such as routers, security cameras, cable boxes and even baby monitors, and used them to launch DDoS (Distributed Denial of Service) attacks on DNS (Domain Name Servers) provider Dyn. Many of the connected devices had poor security protections, as they were small with limited computing power. Software running these devices were rarely, if ever, updated. Passwords are often hard-coded, making it easier for hackers to break a code and gain access. Device manufacturers haven’t given the security issue the attention it needs. That may be changing with help from the U.S. Congress.
In July 2019, a data breach hit Capital One allowing a hacker to access personal information from over 100 million credit card applicants. This is an alarming example of how cyberattacks have the ability to be widespread and very dangerous. Unfortunately, hackers can gain control of essential services by tapping into unsecured smart devices, which provides them a platform to make ideological statements or extort money. Washington has taken notice. The Internet of Things Cybersecurity Improvement Act of 2019, if passed, would require that all internet-connected devices sold to the federal government have specific security protections. This would encourage manufacturers to produce devices that meet the required standards.
How to keep your business safe
Businesses can protect their network by following the same precautions with smart devices that they use for securing their websites. When setting up a device, don’t automatically use default settings. Always change the default password to a strong password using upper and lowercase letters, numerals and symbols. Enable password lockout and encryption if these features are supported. Finally, question the necessity of each device you add to your network. Is it really needed and worth it?
The opportunities created by the IoT are exciting and has propelled manufacturers to continuously develop new ways to connect. In the rush to show off new products with new features, security often takes a backseat. Businesses, government and consumers are bringing more awareness of the dangers of cyberattacks, pushing manufacturers to address the issue. Without government regulations, the responsibility falls on you and your cybersecurity plan to keep hackers out of your network.