Two years ago, the Internet of Things was a joke with a few very niche applications. Now, we are seeing these useful little wifi-enabled devices absolutely everywhere. Not only are they a consumer craze for the Smart Home trend, IoT devices have also begun to transform the way both industrial and office style businesses think about tech. The rise of office IoT has been a delight to both IT teams and non-IT employees alike. But there is a catch.
IoT has not existed very long and it's still a highly unregulated industry. There is no unifying dashboard, no single operating system that implementing admins can become familiar with to customize the use, function, and security of these devices. Security is a particular concern as many of them are wide open to the entire internet when they are connected and with limited software solutions, there is also little that admins can do. IoT devices have already been harvested and used for botnets, spying, and now there are malware variations roaming the internet just looking for a new device to brick or network-hack through.
To help IoT enthusiastic businesses everywhere, here's a quick guide on how to secure your IoT devices and keep your network secured from them.
1) Research Your IoT Devices
The first step is to make sure you understand all the known risks of any device you choose to integrate into the office environment based on a large set of customer reviews. Look for news stories about security breaches and comments about hacks or bricking in the product reviews. This should give you a reasonable idea of how secure the devices have been in the past, though there's no guarantee that a new loophole won't be found in the future.
2) Create a Separate Wifi Network
Do not run your IoT on the business network. This gives them direct access to your files and important systems, access they don't need and can inevitably only misuse. More to the point, hackers are constantly on the lookout for hackable IoT devices connected to a business network as this is one of their optimal chances to create a security breach and steal data.
Instead, do what many venues that offer guest wifi do. Use an entirely separate router to create a brand new and completely unconnected network for the IoT devices to join. They can still be controlled through the online dashboard but your business network will not be at risk from any IoT hacking.
3) Change All Passwords
The primary way that IoT devices get hacked is through default passwords. Few people, even IT professionals, think to change the internal passwords on each individual device which makes it possible for hackers to skim accessible devices trying out the default password and hacking wherever it's still in place. We suggest making a new password for every device. If you use a pattern or grouping password trick, try to avoid being predictable or one cracked password is a dozen cracked passwords.
4) Make Backups of Any Important Configurations
IoT devices cannot yet be reasonably trusted to provide reliable and hack-free service because they are not yet well-regulated enough. For this reason, you'll want to keep comprehensive backups of any data on your IoT devices that might be important. Assume that it could corrupt, be wiped, or otherwise need resetting at any moment.
5) Be Ready to Wipe and Restore At Any Moment
Finally, it's best to assume that at least one of your IoT devices will be targeted and hacked. If you see any sign of a misbehaving IoT device, your best bet is to wipe it back to factory settings and restore any preset configurations from backup. This is a great approach for almost any hack and is particularly viable for these small internet-enabled office devices.
The IoT trend is one of the most fun technological advancements ever made in the business world, but it's also not quite ready for prime time. While experimenting with IoT in the workplace can be enjoyable and quite useful, remember that these devices are still quite vulnerable from a security standpoint and therefore need to be kept safely away from the rest of your business network.