How To Protect Against an IoT (Internet of Things) Attack
Here are twelve security tips to help you prevent your business from falling victim to an IoT attack.
Software Updates: Keep the software for your computer network, servers, laptops, desktops, network switches, wireless routers, and any other devices up to date, particularly with the latest manufacturer security updates.
Strong Passwords: Never use default passwords for devices once you set them up. Change them and keep them secure. This means no sloppy password construction, like using your name, the actual word "password," or other easy-to-hack terms. Remove Post-It notes stuck on screens or cubicles that serve as password reminders.
Wireless Security: Wireless devices use certain security methods, and some are easier to hack than others. Disable Wi-Fi Protected Setup (WPS) and use only Wi-Fi Protected Access 2 (WPA2).
Home Security: Make sure that you and your employees take safe practices home, especially if any of you conduct business from home. The bad guys like to compromise home computers. They find the ones that connect to business networks, capture passwords, and quietly move into the business.
Data Backups: Invest in a data backup strategy, and make sure that you, or your designated IT person or team, know how to restore your data in the event of disaster. If you lose a computer or a server that's critical to your company's survival, proper backup and restore procedures will help you turn a potential disaster into a mere nuisance.
Get IT Help: Hackers rely on ignorance. If you have an IT person in your business, hold them responsible for security and insist they gain expertise—fast. If you don't have enough staff or in-house expertise, hire outside help to handle that responsibility. Managed service providers, like Solutrix, will assess your network, your website, and any connected devices that you have. They can help you decide what security measures you need to take to protect your company and then provide the most cost-efficient ones.
DDoS Protection: If your website lies at the heart of your business, and it makes you a lot of money, consider securing additional protection against a Distributed Denial of Service (DDoS) attack. Attackers can target you directly or you may just get caught in the crossfire when they go after your Internet Service Provider (ISP).
Credit Cards: Small business owners have complained about being forced to buy the latest credit card payment machines that include a chip reader. But this adds another layer of protection against hackers. Every IoT device serves as a potential entry point onto the network, and that includes credit card machines and bank accounts.
Physical Security: Even with all of the above safeguards in place and with top-of-the-line security practices in force, a business could still become a victim due to one insecure IoT point. Hackers could use an innocuous device sitting in the corner to unlock a company's physical doors remotely. They could then send in a local person to install sophisticated snooping devices that map keyboard strokes, record voice data, steal video streams off of computers, and so forth. With that information they can silently siphon bank accounts over a long period with what would appear to be a series of legitimate transactions.
Video Cameras: Surveillance technology has become incredibly affordable, and it's been deployed by many small businesses. Increasingly these devices can connect to the Internet, and that poses a threat. You should keep Internet-enabled devices, like video cameras, on a separate network from the primary business network that deals with customer financial transactions, like point of sale systems, intellectual property, or any form of regulated data.
Security Technology: Of course, small businesses still need the usual security technologies in place: anti-virus, anti-malware, firewalls, encryption and, especially these days, ransomware protection.
Educate Employees: Most breaches, hacks, and ransomware result from human error; someone somewhere within the organization got sloppy or lacked proper security education, or both. And it's shocking how easy it is to trick employees. One company hired an outside organization to pretend to be its IT department. It sent employees emails asking for their user passwords. Out of 200 employees, 113 provided their passwords immediately.
Opening email attachments or links from unknown or unverified senders is a poor practice, yet it remains an easy, viable way to gain unauthorized entry. Employees need training on how to spot suspicious emails.
How can you tell if the email is NOT from your bank or from the IT department? Hover your cursor over the name shown as the sender. This reveals the sender's actual email address, which helps you identify shady emails.
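The hover check described above can also be run automatically over From headers. The following is an added example, not part of the original article; the brand names, domains, and sample headers are constructed for illustration.

```python
from email.utils import parseaddr

# Assumed allow-list (constructed values): a brand keyword that may appear in
# the display name, mapped to the domains that brand really sends from.
TRUSTED = {
    "example bank": {"examplebank.com"},
    "it department": {"example-corp.com"},
}


def check_sender(from_header):
    """Return (display_name, address, verdict) for one From header.

    This is the automated form of hovering over the sender name: compare
    what the display name claims with the domain actually in the address.
    """
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return name, addr, "unparseable"
    domain = addr.rpartition("@")[2].lower()
    for brand, domains in TRUSTED.items():
        if brand in name.lower():
            # Exact match or a true subdomain only. A look-alike such as
            # examplebank.com.account-verify.example must not pass.
            ok = any(domain == d or domain.endswith("." + d) for d in domains)
            return name, addr, "ok" if ok else "suspicious"
    return name, addr, "unknown sender"


# Constructed sample headers.
SAMPLES = [
    '"Example Bank" <alerts@examplebank.com>',
    '"Example Bank" <alerts@examplebank.com.account-verify.example>',
    'IT Department <helpdesk@mail.example-corp.com>',
    '"IT Department" <it.support@freemail.example>',
    'Jane Doe <jane@partner.example>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        name, addr, verdict = check_sender(header)
        print(f"{verdict:15} {name!r} -> {addr}")
```

A "suspicious" verdict means the display name claims a trusted sender but the address belongs to a different domain, which is exactly what hovering over the name exposes.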
Security experts agree that ransomware attacks, which are usually triggered by an employee opening an email attachment that is from someone they don't know or filling out information in a spoof website designed to look legitimate, will only increase.
Building and maintaining a secure network and work environment doesn't need to be an expensive proposition. It can be achieved with the right expertise, using the right tools, and by acknowledging the weak links and fixing them.