The Internet of Things (IoT) opens up endless possibilities for tech — both the good and the bad.
IoT devices have improved productivity, reduced home energy spending, and basically made lives easier. But they’ve also opened the backdoor for hackers and cybercriminals.
You might be thinking, “What could they possibly get from hacking my toaster?”
But no one’s laughing when hackers breach your corporate networks and retrieve a handful of sensitive information.
IoT began in the early 1980s, when a group of Carnegie Mellon University graduates connected a Coke vending machine to their local Ethernet. This allowed them to know if the machine is stocked or if the Coke bottles are already cold.
Today, billions of things are connected to the internet — from watches, switches, thermostats, and even coffee makers. Soon, we’re looking into IoT vehicles, infotainment systems, automated teller machines, and medical devices.
When it comes to cybersecurity, Singapore has a weak first line of defence.
In fact, almost half of Singaporeans have encountered at least one cybersecurity incident in the past year.
And despite 84 per cent of them that understood the risks involved, only 45 per cent installed security apps in their mobile phones.
This should concern SMEs and IT companies as they pick up on the bring-your-own-device (BYOD) trend. No matter how secure your system is, hackers will find every possible entry point to breach it.
You’ll never know the extent of a cyberattack until it happens to you. Don’t risk your business. Learn these five ways to protect your online assets in this IoT world.
One way of mitigating cybersecurity risks is to use a virtual private network (VPN) on your IoT devices.
A VPN-connected device encrypts all traffic running to and from it. Even if hackers intercept this traffic, they wouldn’t be able to interpret it. This keeps cybercriminals from launching targeted attacks, such as a distributed denial of service (DDoS).
This is also what a Secure Sockets Layer (SSL) certificate or HTTPS does. It encrypts traffic and makes it unreadable to a third party. Make sure to secure an SSL for your website — especially if it contains sensitive data about you or your customers and clients.
It’s basically impractical to install a VPN on every desktop and mobile device in an office network. A solution to this is using a VPN router, which automatically protects every device it’s connected to.
For BYOD policies, make sure employees install native VPN apps to protect their devices even outside the office.
A Russian hacking group got into several IoT devices of Microsoft customers due to two things: one device didn’t get a security update and the other still had its default password.
Through these compromised devices, the hackers were able to access and move across the network in search of high-value data.
Individuals and enterprises can learn from this incident. Most manufacturer default passwords are universal and easy-to-guess.
The UK-Singapore IoT security pledge also brought up this major concern. In their goal to improve the security of smart consumer products, they recommend manufacturers to avoid common security shortcomings — such as the use of universal default passwords.
Protect your devices against cybercriminals. Here are some tips to create a strong password:
Skilled hackers can still crack the strongest of passwords.
This is why a multi-factor login is essential for any IoT device.
Add a second layer of protection to your assets by implementing two-factor authentication (2FA). There are different types to consider, including:
To amp up your cybersecurity measures, you can implement multiple layers together for a three-factor authentication. This further minimises the attackable cyberspace — requiring the device, user, and application to authenticate the login.
Gone are the days when only desktop computers connect to a corporate network. Today, mobility is the norm, especially among digital enterprises.
Mobile devices, such as smartphones and laptops, make it easier to carry out the work.
For instance, web development agencies need them to test a website’s responsiveness to mobile. Plus, these agencies may be implementing BYOD — which further puts cybersecurity at risk.
The challenge falls to IT managers: How do you manage these devices with minimal security risk?
The solution is a good mobile device management (MDM) program. For a program to succeed, you’ll need reliable MDM software. This should benefit your business in many ways:
There are several recommended MDM software in the market, such as Cisco Meraki, Jamf, and IBM MaaS360.
Many corporate leaders are aware of the importance of cybersecurity. But not all of them are actually practising it in their businesses.
Truth is, good cyber hygiene is not just one department’s concern but the entire organisation’s.
All of your employees need to know the security threats they’re likely to face in the future. This includes how they work, how to identify them, and how to carry out the next steps upon getting them.
Here are some basic guidelines you can teach your staff:
Enhance cybersecurity training by testing your employees. Conduct a simulation of a phishing attempt or a DDoS attack and see how they respond. This brings your staff one step ahead of the real risks out there.
Most people make the mistake of thinking a cyberattack won’t happen to them. And when you’ve got clients and customers relying on you, you can’t afford to make this mistake. IoT can take your business to greater heights — but only if you put the right cybersecurity measures in place.
Make sure to be with a secure hosting provider that won’t compromise your business.
Other Stuff