Five Tips To Secure IoT

Uploaded on 2018-07-10 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The Internet of Things (IoT) has positively exploded into our daily lives. We see IoT devices everywhere, from our workplace to our homes. It is inevitable that a new technology will become ubiquitous after it hits the headlines, and thanks to the IoT, many have done just that, even if the headlines aren’t always positive. 

For instance, a young girl had an IoT toy that experienced a similar furor, a beloved doll called “My Friend Cayla.” The girl would ask the doll a question, which was then sent to an app that converted it to text. The text was then used to look the answer up online before returning the answer to the doll, and Cayla would then speak the answer back to the girl. 

That’s cute and exciting for a toy, but for a privacy expert, it was a bit creepy. In fact, German regulators agreed on the last sentiment and were concerned. They saw “My Friend Cayla” more as “My Spy Cayla,” and banned the doll on the grounds that it was a surveillance device. 

Negative headlines, indeed; and in fact, the IoT has been disparaged more than once for worries over surveillance and tracking, thanks to Cayla and other devices like the Amazon Echo. But look at the bright side, it can also be technology used for good. IoT wearables have saved lives, including the life of a 42-year-old patient at the Lady of Lourdes Medical Center that had been admitted with a heart arrhythmia. 

At the time, doctors had two courses of action, each dependent on knowing how long the arrhythmia had been occurring. With permission, they accessed the patient’s Fitbit and were able to ascertain the facts they needed to give him life-saving treatment. Beneficial IoT tech doesn’t even have to be worn, these days, you can even get a "smart mattress" that collects data on your sleeping patterns and helps improve your overall state of health. 

To make the most of what can be empowering technology, that technology must be simultaneously optimised to do its job while also not exposing personal data, as they do generate a generous amount of it. 

They also, generally, are custodians of other Personally Identifiable Information (PII), such as name, address, passwords and even your physical location. In the case of the man saved by his Fitbit, his wife gave consent to the doctors at that time to use that information created by the device, but what should or could be done if a location-enabled IoT device was utilized criminally to stalk someone?

With the following tips, you can help to keep the risk of leaked or stolen information to a minimum.

Tip #1: Buy Your IoT Device from a Known Supplier
Once you start using an IoT device, you will need to share your own PII and potentially lots of other types of data, depending on the device. This can include health data, home utility information, and your location. All these data sets are sent to a cloud repository, often via a mobile app. 

That’s a significant amount of personal data being shared with a third party, so it’s important to check the credibility of the supplier when purchasing an IoT device. 

Established suppliers with brand equity are more likely to adhere to industry standards and best practices like using “secure-coding,” security and privacy by design, and pushing regular software updates. Act like a lawyer and read the supplier's privacy policy. 

Identify why they must use your data, and make sure they don't include draconian clauses for reselling your data onto third parties. And if their privacy policy doesn’t exist? Don’t even consider buying. 

Tip #2: Secure Your Wi-Fi
Our homes are now becoming the hub of IoT devices. The “smart-home” is no longer science fiction but attainable for many people able to purchase devices such as the Nest, Ring Doorbell, and Amazon Echo that are easily available. 
To keep your smart home secure, you need to keep your home router secure. One of the main security issues of routers is that many come with default passwords. These passwords are often guessable, or brute forced by hackers. Change your router password to be complex as soon as you set up the router. 

Tip #3: Keep your IoT Device Up to Date
The WannaCry ransomware cyberattack was a stark reminder that software updates are not a luxury, but a vital necessity. Applying patches to computer software is just good, standard security practice--this is no less true of IoT devices. 
Unfortunately, research by Ubuntu found that 40% of consumers never actively update their smart device. If you can directly update your IoT device firmware, you should. If not, look to see how those devices are automatically updated, and if they are not, consider not using them. 

Tip #4: Keep Your Mobile Secure Too
Mobile apps and IoT devices often go together, the IoT sensors transfer data back to the app so it can be visualised by the human operator. Keeping your mobile phone secure by ensuring that the latest updates are installed helps keep your IoT-generated data safe. Also, make sure that the app you use with an IoT device is downloaded from a safe site, such as the manufacturer’s website or a legitimate app store. When you install the mobile app, check out the settings and ensure privacy permissions reflect your comfort level, including the configuration of the location services.

Tip #5: Device Stock Check
IoT devices are meant to connect to one another. In a home setting, for example, you can use Alexa to switch IoT light bulbs on and off, or open and close curtains, and so on. As such, you could potentially end up with several individual IoT devices linked together, so keeping an IoT device inventory would be smart. A tool like Cujo could help, as it keeps track of all devices connected to the internet, so you know what you need to secure, allowing you to then more easily control any situation. 

Keeping track of how your devices are operating will let you have an early view of unauthorised access.

Information- Management

You Might Also Read: 

A Guide To Addressing Corporate IoT Security:

Insurers Are Not Ready For IoT:

IoT Is Becoming A Nightmare For IT:
 

 

« Police Criticised For Face Recognition Failures
California Passes Its Own GDPR Law »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

MetaCompliance

MetaCompliance

MetaCompliance is a cyber security and compliance organisation that helps transform your company culture and safeguard your data and values.

Cybersecurity Credentials Collaborative (C3)

Cybersecurity Credentials Collaborative (C3)

C3 provides a forum for collaboration among vendor-neutral information security and privacy and related IT disciplines certification bodies.

Gate 15

Gate 15

Gate 15 provide risk management services focusing primarily on information, intelligence and threat analysis, operational support and preparedness.

Dispersive Networks

Dispersive Networks

Dispersive Virtual Network is a carrier-grade software-defined programmable network that is inspired by battlefield-proven wireless radio techniques.

7 Elements

7 Elements

7 Elements is an independent IT security testing company providing expertise in technical information assurance through security testing, incident response and consultancy.

Cansure

Cansure

Cansure is a leading insurance provider in Canada offering a broad range of property & casualty insurance solutions including Cyber & Data Breach insurance.

CARICERT

CARICERT

CARICERT is the National Cyber Emergency Response Team of Curacao in the Caribbean.

Sonda

Sonda

SONDA is the leading systems integrator and IT service provider in Latin America.

GuardianKey

GuardianKey

GuardianKey is a solution to protect systems against authentication attacks.

Marcus Donald People

Marcus Donald People

Marcus Donald People is a UK IT recruitment specialist covering the following sectors: Infrastructure & Cloud, Information Security, Development, Business transformation.

Cloudsine

Cloudsine

Cloudsine (formerly Banff Cyber Technologies) is a cloud technology company specializing in cloud adoption, security and innovation.

Verichains

Verichains

Verichains Lab is a pioneer and leading APAC blockchain security firm with extensive expertise in the areas of security, cryptography and core blockchain technology.

Trustaira

Trustaira

Trustaira is the first deep tech solution and service company in Bangladesh.

Karate Labs

Karate Labs

Karate is an open-source unified test automation platform combining API testing, API performance testing, API mocks & UI testing.

Apex

Apex

We aspire to make the AI revolution run faster, securely, for the benefit of all. We are purposely built for the new AI era and are creating capabilities to safely enable AI.

XY Cyber

XY Cyber

XY Cyber enable Generative AI for Cyber Operations. We simplify the complex world of cyber threats into actionable strategies, empowering your defense with AI-powered solutions.