Five tips for securing your IoT devices

According to a 2017 Boston Consulting Group report, the market for IoT products and services is expected to reach $267 billion by 2020. Gartner estimates that there will be 20.4 billion IoT-connected components worldwide by 2020, and that more than half of major new business systems and processes will include an IoT component.

The adoption and use of IoT is progressing at a tremendous pace. Interestingly, many non-technologists do not realize that IoT networks are comprised of varying types of computers. Many of these computers are application-specific and are designed and hardwired to reduce costs. As a result, they provide limited options in terms of the software you can run, and whether they can be patched or even secured. Consequently, it is important to remember that an IoT device — as with any new computing device — brings with it inherent security risks.

That leaves the onus of securing IoT devices and the network on your IT staff. The following are some tips to improve your organization’s cybersecurity:

1. When software updates are issued, immediately install them. With the discovery of bugs and security vulnerabilities, IoT vendors will release a software update that remediates the detected vulnerabilities. However, most IoT devices do not have a software update distribution model like that for PCs, so you bear the responsibility of staying current about and installing these updates. Failure to do so can leave your IoT platform and network vulnerable to hackers — amateur and sophisticated alike. Take the time to download new firmware and minimize the potential to have your device hijacked or, worse, lose valuable data.
2. Password protect all of your devices and accounts. The generic password issued with every device should be changed as quickly as possible. Additionally, every IoT device you manage through an internet-based account should be protected with a strong username and password that include a combination of numbers, letters and symbols. The more random this sequence, the better. It is imperative to avoid using the same password for multiple accounts. This differentiation prevents hackers from accessing multiple accounts with just one compromised password.
3. Create separate networks for your IoT devices. Most Wi-Fi routers support guest networking — the ability to give visitors a connection to your network without granting access to shared files or networked devices. The same type of separation works well for IoT devices that have questionable security as well. This means that if a hacker successfully intrudes your IoT network, she will be less likely to access your most important computer files.
4. Avoid IoT devices that require constant internet connection to operate. Many of the IoT devices on today’s market come paired with cloud-based services, meaning they are always connected to the internet. This consistent connection heightens their likelihood of sending sensitive data back to the manufacturer, thereby creating another potential security hole.
5. Turn off the Universal Plug and Play (UPnP) feature as soon as possible. In addition to slowing your router’s response time, this feature leaves your IoT devices, computers and other network devices vulnerable to attack. While it was designed to make it easier to connect devices to the network, UPnP is a poorly secured doorway that hackers can use to access your network.

This should not be considered an exhaustive list by any means, but a good starting point. Utilizing these tips can significantly improve your performance while minimizing your IoT network and devices’ vulnerability to hackers.

All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.