Whether it’s computer-equipped safety goggles for hands-free warehouse work, a fitness band to encourage employee activity and curtail healthcare costs or a shipping container with a temperature sensor to keep food fresh, connected devices are shifting from “gadgets” to go-to productivity tools for more effective businesses and workforces.
When it comes to securing the varied connected devices that make up the Internet of Things (IoT), however, it can get a bit hairy. These assets can be anywhere, doing things no one ever considered and without security precautions put in place for the more traditional devices that are connecting to the Internet.
Change perceptions, raise awareness
The problem is that many businesses don’t yet think of these new, connected devices as computers. Because of that, data often flows to and from them with little or no protection, which inadvertently gives hackers inroads into your network and systems, leaving you and your data exposed.
By raising risk awareness across your organization and by taking preemptive steps to protect connected devices and your network, you can enter this world of connectivity with a balance of optimism and caution while getting the most from IoT. Here are three key insights:
- Apply lessons learned from smartphone and tablet security:
- Encrypt data on devices, use a minimum of two-factor authentication to restrict access and use remote data wiping tools if a device is lost or stolen.
- Perform an end-to-end security risk assessment, including penetration testing for connected devices, to identify security weaknesses before an attacker does.
- Use threat management tools, such as firewalls, intrusion detection and web filtering to prevent unauthorized access and exposure to Internet threats.
- For each connected device, decide who should be able to access the data it captures and sends, how it should be viewed, from which locations and how it needs to be secured.
- Bypass the Internet for additional protection: Instead of using the Internet to connect IoT devices, consider using private networking services to enhance network security for data traveling from device to the cloud or other resources.
- Create a security-conscious culture:
- Share the responsibility of security with employees. They are your first lines of defense, so it’s important to educate them on proper procedures. If employees are taking devices outside the protection of your network perimeter, make sure they are aware of the risks and the potential impact to IT and security management functions.
- Engage your security team early. By consulting with them during the development cycle, you can address security issues to adopt new connected devices with more confidence and less risk.
About the Author
Michael Singer is the product marketing management AVP at AT&T. To learn more about AT&T’s work in IoT, visit business.att.com.
This blog post originally appeared on AT&T’s Networking Exchange Blog.