Connected devices, sensors and the vast amount of data which can be collected all offer new vectors of attack for unscrupulous actors. And just as serious are the repercussions that businesses could bring on themselves if they fail to get to grips with these challenges.
If you run a small business, this alone could be enough to put you off the idea of the Internet of Things (IoT). After all, if hackers are able to breach the defences, and cause big problems, for huge multinational targets such as Equifax or HBO, what chance does the little guy have?
Making use of IoT now, could propel your business forward
This line of thinking, though, is a mistake. For a start, IoT offers some huge opportunities, and really, they are just too big to be ignored, no matter what size your organisation is. It’s probably the biggest shake-up of the way we do business since the invention of the internet – basically, getting in now, is the equivalent of getting in on the online boom back in the mid-90s. Can you afford to miss out?
Cyber security options are continuously being developed and improved
And secondly, you may be a small fish – but that no longer means you have to settle for second-rate security measures. Cyber security – particularly related to cloud technology and IoT is a big -and growing – business. Which means there are a growing number of solutions, and solution-providers, all competing for your business.
Don’t get me wrong – security is still a big challenge. That’s the main point I want to get across in this piece. But it isn’t insurmountable by any means. Like any other part of your business, it’s essential that you create a strategy for securing your data assets, and your smart, connected IoT infrastructure. Get it right, and the rewards of getting in early on the gold rush will be yours for the taking.
IoT is about connected devices talking to each other, sharing data, and the way we can use insights from them to make improvements in both our personal lives and our business. Think of Fitbit fitness trackers that tell us whether we are getting enough exercise, self-driving cars and smart security cameras that can alert us to intruders even when no one is monitoring them.
All these devices have the potential to leak data, and offer potential access points to anyone looking to steal it. If they aren’t properly and securely set up, taking over your smart camera system could be as simple for a hacker as scanning for devices and then plugging in default admin passwords.
If your customers have trusted you with personal data which gets lost in this way, not only is there a potentially irrevocable breakdown in trust between you, but you could get hit with stiff penalties. This will be even more true when GDPR comes into play very soon.
Another attack strategy involves taking over connected devices – which can be anything from industrial machinery to security devices to kitchen utensils – and using them to carry out attacks on other systems. This involves infecting them with malware (often possible because their operators haven’t changed default access credentials, as mentioned above) and then hijacking their central processing unit (CPU) power to carry out brute-force DDOS (distributed denial of service) attacks against more secure targets.
If you’re the owner of equipment that gets hijacked in this way, you may not even notice it without careful analysis of network traffic leaving your organisation. However, it will mean that critical machinery will be operating at sub-optimal levels of performance, bogged down with malware, costing you time and money.
All of this hassle can be avoided with a robust security strategy, and a good start is to audit all of the devices which are networked within your business. Be particularly careful if you operate Bring Your Own Device (BYOD) policies, as it will mean that you will have to ensure that all of your employee’s devices meet your security standards, too.
With modern devices like Android phones or iPhones, or Windows laptops, this generally means making sure they are fully up-to-date with all the OS and manufacturer security patches installed. With these in place, you are protected (to some extent) by the best solutions that the likes of Google, Apple and Microsoft have available. In many cases this alone will present a huge challenge to even a determined hacker – certainly outdated and unpatched systems make things much easier for them.
Checklist when adopting the IoT in your business
There are certain measures you can take to help your business stay secure:
1. Always keep an up-to-date inventory of what devices are on your network
2. Always keep an up-to-date inventory of what devices are connected to the internet
3. Know which devices might be accessible from the outside world through other protocols.
4. If a device doesn’t need to be networked to carry out whatever you need it to do, then don’t connect it to your network.
Like all security, IoT security often comes down to common sense. Don’t leave your front door open and the keys to your car in plain sight of any passer-by. Don’t be scared of the technology – to the point where you miss out on the opportunity it offers – but be aware of the risks and vulnerabilities, make a strategy to deal with them, and a plan for if things go wrong.
Find out more about our Hiscox cyber and data risks insurance