IoT devices rarely get the level of managed monitoring most other devices do. However, making sure these devices don’t infect your customers’ corporate resources often only requires a few simple steps.
- Awareness: Most users are at least somewhat aware their computers can catch viruses. Fewer think of the security flaws inherent in IoT devices (until they see a service they use end up on the news). A simple reminder to your customers and their users can go a long way. Remind them that if it contains personal data or can be used to eavesdrop on them, it needs to be secured. The goal isn’t to scare people; you simply want them to be aware enough to take common-sense precautions to reduce their risk.
- Passwords: Password security is absolutely crucial for IoT devices. Make sure to set strong passwords for any devices under management and advise your customers and users to set strong passwords as well. Often, users may forget their smart thermostat has a web application that can be broken into, so remind them to think of locking down any devices that connect to the internet.
- Multifactor authentication: Most IoT devices have web portal pages, mobile apps, or both. For example, Wi-Fi enabled scales or blood pressure monitors might allow you to log in and track your biomarkers over time or even share this information with your doctor. This leaves potentially sensitive health information open to attack. Having users turn on MFA gives them an additional check in the event someone tries to break into their account.
- Mobile app permissions: We’ve mentioned both web and mobile applications, but this warrants its own discussion. Like any other mobile application, users should be wary of giving the app too much access. A smart thermostat doesn’t necessarily need to track your location, for example, or have the ability to read/write to social media accounts. Remind users to be careful of the access they give to applications.
- Segment your network: The other tips rely on users pitching in and remembering to do the right thing. But you can still take steps to avoid needlessly exposing your customers’ networks. If there’s a device you can’t manage, put it on a guest network and only allow approved devices and users onto the main network. This can help prevent an IoT device from being the entry point toward your most sensitive data on the network.
- Update: All devices need to remain up to date with the latest software and firmware. You can handle this yourself for any managed devices, but it’s worth impressing the importance of this practice on your users as well.
- Keep your other layers strong: IoT devices are only one part of your ecosystem. Make sure to keep strong layers on other elements—from patching to endpoint protection to email security. Additional devices do give criminals extra access points, but the fundamentals still apply.
Protecting the internet of things
IoT devices are nothing new. Each device can have its own intricacies and levels of security. However, despite the added complexity you can still protect the wider network and company data with a few simple steps.
We mentioned the importance of password security in this article. As the number of devices and application grows, maintaining strong passwords can quickly become hard to manage. SolarWinds® Passportal is built to help you enforce password best practices across your own team. It can help your team automatically generate strong passwords, gain one-click access to accounts, and can even let you quickly grant or revoke access as needed. Learn more by visiting passportalmsp.com.