The Internet of Things (IoT) refersto objects that incorporate network access to add functionality to the use we make of them. In recent years it has become one of the developments that is expanding the presence of technology in our lives.
Examples cover everything imaginable, from common household appliances to toys and even clothing accessories. Likewise, the applications we can find include areas as varied as industry 4.0, transportation, healthcare, or agriculture, to name just a few.
Precisely because they have access to the network, any IoT device has vulnerabilities that can be maliciously exploited. In fact, it should never be forgotten that many IoT elements arrive on the market with factory settings that need to be reviewed in terms of cybersecurity, as they often incorporate, for example, very basic and easy-to-discover passwords. That is why we begin our list of recommendations for protecting the Internet of Things with this point:
CHANGE THE DEFAULT PASSWORDS Where the product comes with a pre-established password (such as “admin” or”12345″), try to replace it with a personal password that meets the strengthrequirements to make it very difficult for third parties to find out. In general, it isadvisable to include a sequence of characters of more than eight elements,including upper and lower case letters, numbers, signs and special symbols. It is alsorecommended to change passwords regularly and not to use the same password onall devices.
CONNECTING TO A SECURE NETWORK It will not always be possible to follow the instructions in the previous section, as itmay happen that the device does not allow these types of modifications. In any case,always make sure that Internet access can be monitored and controlled by means of security devices that provide a barrier against possible intrusions (firewalls, etc.).
SEGMENTING IOT DEVICE ACCESS TO THE NETWORK To increase cybersecurity, it is possible to “compartmentalize” the way in which network usage is distributed, which adds a layer of protection that seeks, in the face of any unauthorized access, not to compromise the integrity, confidentiality and availability of the rest of the connected elements.
KEEP DEVICES UP TO DATE This measure will help us to incorporate the modifications that solve the vulnerabilities that have been detected, which reduces the risk of being a victim of an attack.
AVOID MANIPULATIONS THAT MODIFY SENSITIVE PARAMETERS OF THE PRODUCT Especially at home, it can be tempting to succumb to the instructions of a “tutorial” hosted on any web page that promises to improve the functionality of the device(increased speed, unofficial additions, etc.) by making illegal changes to the software or hardware that affect the integrity of the product. Such alterations can provide a gateway to privacy-invasive elements, while increasing the likelihood of a cyber-attack.
PRIORITIZE DEVICES THAT INCLUDE SECURITY BY DESIGN If we previously emphasized the responsibility of the consumer, we now draw attention to the commitment of manufacturers to incorporate measures that help protect their customers from possible cyberattacks. Care must be taken to ensure that devices follow the principle of least privilege, avoiding the availability of functions when they are not voluntarily activated. The official clauses laid down for data protection must be followed. In addition, the configurations required by the device must be made as easy as possible and communicated in a clear and simple manner. The latter will avoid security problems due to inadequate commissioning.
DISABLING COMPONENTS THAT ARE NOT IN USE IoT devices may incorporate cameras, microphones, etc., which it is advisable to limit to the immediate use we make of them, leaving them inoperative when their functionality is not required.
CHECKING THE INFORMATION THAT THE IOT DEVICE TRANSMITS TO THE NETWORK There are resources that allow locating the connected devices in a certain area. One of the most popular is Shodan. Among the information it provides we can find the IP address, and the ports and services that a device has in operation. This information is very useful to take care of security configuration aspects.
ACTIVITY MONITORING While we easily associate the term Internet of Things (IoT) with commercial utilities that proliferate in the market, it should be noted that, at the professional level, there is also an increasing presence of what is called IIoT (Industrial Internet of Things),i.e., the set of devices (sensors, etc.) that, connected to the network, transmit data relevant to improving the productivity of a company. There are SIEM solutions that make it possible to monitor the activity generated by these devices, thus controlling any irregularities that may be detected.
AWARENESS One of the best security measures available is information. Therefore, a responsibleuse of IoT devices requires learning to take care of the aspects concerning theirproper protection. A use that neglects this dimension exposes those who areunaware of the elementary measures that need to be known, as well as the threatsthat are increasingly being witnessed.
With these ten measures, it will be much more difficult to fall victim to a cyberattack.
Optimize your company’s security against cyber-attacks through a security audit and intrusion test