How to avoid IoT pitfalls

Unfortunately, more connected devices means greater risk to consumers. Connected devices at home have an intimate relationship with their owners and, as such, pose a risk to their privacy. Smart devices can record users’ voices, movements, weights and eating habits, not to mention videotape them. In short, consumers must acknowledge that these products are not like traditional appliances; they are sophisticated sensing devices and must be treated as such.

Before buying and installing a smart device, consumers must first educate themselves about the potential “snooping” capabilities of the device. If they decide to buy one anyway, they should strive to acquire one from a known mainstream vendor. The device should then be installed and configured with security in mind: privacy settings must be changed from the default ones, and proper passwords must be selected. Still, even these practices would not secure the device from a persistent hacker.

Consumers must demand stronger security measures from the IoT service provider — at the very least, the provider must be able to inform users if their devices have been hacked.

IoT for the enterprise isn’t the same as IoT for homes; the main risk shifts to hackers using IoT devices to break into corporate networks and leak sensitive employee and customer information. Enterprises should approach with care when adopting IoT for the enterprise, and resist the temptation to connect everything to the web. The rule is: if the device doesn’t need to be connected, don’t connect it (or disable it from access to the web).

Enterprises should be able to identify and monitor all IoT devices within their perimeter, as well as ones outside the perimeter, such as remote devices they offer as a managed service.

Enterprises have the know-how to secure IT, but lack experience when it comes to IoT. It’s best to consult with IoT security specialists and vendors, and not rely on their existing manpower and know-how, which is simply insufficient to handle the security threats of IoT.  

Yotam Gutman is the vice-president of marketing for SecuriThings (www.securithings.com).

This article originally appeared in the July/August 2018 issue of Canadian Security.