As the Internet of Things continues to expand, IoT privacy threats are becoming a major concern for technology professionals and their clients. IoT spending will reach $772.5 billion in 2018, a 14.6 percent increase over the $674 billion spent last year, International Data Corporation predicts.
Unfortunately, security professionals fear IoT usage may be outstripping security safeguards, with 60 percent seeing the IoT as vulnerable to ransomware attacks, and 97 percent foreseeing the effects of breaches of unsecured IoT devices as catastrophic, according to a Ponemon Institute study. For example, a hacker who is able to breach a smart speaker such as Amazon’s Echo could potentially intercept personal data recorded by the device, including financial information.
For technology professionals, this type of risk makes it imperative to implement IoT security safeguards, both for themselves and for clients. Here are five steps to address common IoT security issues.
Don’t Connect When Not Necessary
One of the simplest ways to keep devices secure from Internet of Things attacks is not to connect them when it’s not necessary. Just because a device is capable of connecting to the IoT doesn’t mean it necessarily needs to be connected. Consider what functionality is needed from the device before deciding to connect it. Many device applications can now be run locally on-device without requiring an internet connection. For instance, Qualcomm’s Artificial Intelligence platform allows smartphones to run AI-powered applications such as speech recognition and facial recognition, reducing the risk of personal data from these applications leaking out onto the internet. Turn off Universal Plug and Play to avoid unnecessarily connecting network devices that can be hacked such as routers and printers.
Secure Device Access
Another fundamental strategy for using the IoT safely is to secure individual devices. Devices can be compromised if their passwords are left on the manufacturer’s default, if they use weak passwords, or if they share passwords with other devices. Using strong, unique passwords for each device will help reduce this risk; password managers can help you keep track of complex and varied passwords so you don’t have to remember them. Biometric authentication tools such as fingerprint and facial recognition can add another layer of security.
Use Separate Networks
Another way to protect IoT security is to use separate networks for specific devices. For instance, many Wi-Fi routers offer the option of guest networking, which allows visitors to connect to your network without providing them access to networked devices or shared data. Separate networks can be used to segregate devices where security vulnerabilities are suspected.
Keep Upgrades Current
Many IoT security breaches can be prevented by staying current with security patches. For instance, last year Arnis Security discovered a vulnerability that allowed Amazon Echo and Google Home devices to be hacked with just a Bluetooth connection. Amazon and Google immediately released patches that addressed the issue. In addition to security-specific patches, make sure to stay current on all upgrades to software as well as firmware.
Secure Data with User-Managed Access
Another important strategy for managing IoT privacy risks is User-Managed Access (UMA). UMA allows you to provide your employees and clients with the ability to control who can access their information, what information they can access, and under what circumstances they can access it. This can be used to restrict access to those who have “need to know” specific information. It can also shift liability away from your business by giving your clients control over their own security choices.
Minimizing unnecessary connections, securing device access, using separate networks, keeping upgrades current, and deploying User-Managed Access are five fundamental strategies for using the Internet of Things securely. Following these principles will help your company and clients’ IoT data protected.