The internet of things (IoT) is revolutionizing the way we do business. Connected devices are at the junction of our physical world and the cyber world, allowing us to follow supply chains in real time, monitor physical plants and remotely control security cameras, alarm systems, thermostats and a multitude of other devices. With connected devices, businesses can collect data in real time to make proactive decisions. However, with smart technology comes new security concerns. Each device connected to your network is a potential opening for hackers.
This vulnerability became dramatically evident with the October 2016 cyberattack that crippled popular websites such as Amazon, PayPal and Twitter. Hackers took control of connected household devices such as routers, security cameras, cable boxes and even baby monitors, and used them to launch DDoS (Distributed Denial of Service) attacks on DNS (Domain Name Servers) provider Dyn. Many of these connected devices have poor security protections. They are small with limited computing power. Software that runs these devices is rarely, if ever, updated. Passwords are often hard-coded, making it easier for hackers to break the code and gain access. Device manufacturers haven’t given the security issue the attention it needs. That may be changing with help from the U.S. Congress.
While the 2016 attack interrupted business and cost Dyn some clients, more harmful attacks may be in the future. Hackers, seeking to either make ideological statements or extort money, may be able to gain control of essential services by tapping into unsecured smart devices. Washington has taken notice. The Internet of Things Cybersecurity Improvement Act of 2017, if passed, would require that all internet-connected devices sold to the federal government have specific security protections. This would encourage manufacturers to produce devices that meet the required standards.
How to keep your business safe
Businesses can protect their network by following the same precautions with smart devices that they use for securing their websites. When setting up a device, don’t automatically use default settings. Always change the default passcode to a strong password using upper and lowercase letters, numerals and symbols. Enable passcode lockout and encryption if these features are supported. Finally, question the necessity of each device you add to your network. Is it really needed?
The opportunities created by the IoT are exciting, and manufacturers are quickly developing new ways to connect. In the rush to show off new products with new features, security has taken a backseat. Business, government and consumer awareness of the dangers this creates is pushing manufacturers to address the issue. Without government regulations, the onus falls on you and your cybersecurity plan to keep hackers out of your network.
This article was written by Gillian Burdett for CBS Small Business Pulse