IoT Problems and solutions
We increasingly welcome “The Internet of Things (IoT)” into our lives. We enjoy the convenience, the promise of increased office efficiency and, truth be told, the novelty of it all. But not all the news is rosy: one glaring problem with this new technology, increasingly in the news, is the revelation that the big companies which provide this technology can “tune in” and gather data from these devices and their end users. “Big brother is watching you” has become far more than a science fiction term.
Manufacturers of these IoT devices have tried to calm anxieties over who’s listening and gathering information by stating that it is possible to “delete” a conversation or action. But taking the step of “delete this conversation” doesn’t eliminate or alter the intrusive nature of these devices. Bear in mind that even when a device is turned off or when data is deleted, the device can still track user behavior. That is, after all, what drives revenues for these manufacturers.
As problematic as that whole issue is, it’s not the largest looming threat from IoT. The real danger emerges from the casualness with which people treat these IoT devices, from smartphones to iPads and everything in between. They buy them and connect them to their networks. And herein lies the crux of the problem: these devices, for the most part, are not secure.
What that means is that, when a user plugs in any unsecured device, that action can create a direct link between that particular device and your business email. And your business email is the gateway to cyber attacks. Access via email is the most prevalent form of attack levied on infrastructures.
As a business owner, protecting your network should be top of mind. IoT is a real threat. So do not connect one of these devices to your network, and do not let anyone (employees, vendors) with access to your infrastructure connect an IoT device to your network – unless it is made secure.
Always remember that these devices are not secure. Before you connect any device to your network, take the appropriate steps to see that it is secured. This typically involves finding a software platform that provides the overall umbrella of protection. It is usually not an “off the shelf” solution found at your corner store.
Here’s another frequently overlooked cyber hazard: the security system and camera. If there is a camera in a building monitoring office security, odds are that it is not secure (similar to IoT devices). This too is a potential pathway to the business email and company infrastructure which unfortunately can yield high dividends for hackers and major headaches for the business.
A company’s IT firm or MSP musts serve as a relentless advocate for the security of the entire business infrastructure. Many don’t. And they should.
There are legislative proposals to require manufacturers to secure devices and close this glaring hole in cybersecurity.
In California, former Governor Jerry Brown signed into law SB327 which, starting January 2020, requires that any maker of an Internet connected or “smart” device ensure that the item has reasonable security features which will protect the device and any information contained therein from unauthorized access, destruction, use, modification or disclosure. If it can be accessed outside a local area network with a password, it needs to either come with a unique password for each device, or force users to set their own password the first time they connect. Accordingly, there will be no more generic default credentials for a hacker to guess.
Other states are likely to follow. And the United States Congress is also considering legislation. But, even if this becomes a national trend, remember that manufacturers are not IT or cyber security experts. Their decisions are driven by bottom line revenue, not cybersecurity. While they may make a good faith effort to comply with any regulations that mandate securing their features, this is not a guarantee of total protection.
The IoT is the next frontier in the cybersecurity war. We need to all be certain that our connected devices carry the level of security needed to protect us from hackers. Take the time to talk with a cyber security expert to make certain that your network is protected. Alexa, Siri, smartphones and other devices are fun, but if not secured, they are the gateway to a world of trouble.