How To Secure Your Business’ IoT Devices
Internet of Things (IoT), or smart devices, can be a convenient way to automate or monitor parts of your business—but they can also be a huge security risk.
Any device that connects to the internet, like security cameras, payment systems, mobile card readers and smart locks, lights, speakers and thermostats—even President Biden’s Peloton bike—has the potential to be hacked by someone with ill intentions.
This isn’t some imaginary threat. You can find story after story after story of devices being compromised. If something has a microphone or camera, someone could potentially use it to listen in or watch. If a device has important information on it, someone could get access to it and steal it. If your business is secured by smart locks, someone could just walk in. And that’s assuming they don’t just use a security hole to get access to your entire network and, say, install ransomware on every computer. Scary, right?
While it’s easy to dismiss IoT device security and say that your business would never be at risk, this simply isn’t true. The internet has made every business a potential target, and small businesses most of all. If you’re using or installing IoT devices, here’s what you need to do to stay secure.
1. Change the default passwords (and use secure ones)
Many IoT devices ship with a default username and password. It makes things simpler for the manufacturer to set up and test. However, if you don’t change the password, anyone who knows it can log in. This is an especially big problem with smart security cameras.
The number one step in securing IoT devices is giving them a strong password. Don’t use an easily guessed, or weak, password (like Pa$$word or Password123) or reuse the same password you use for other accounts. Come up with something strong and unique for each device.
This means securing any accounts that connect to your smart devices as well. For example, if you use Amazon Alexa for your business, make sure your Amazon account has a strong, unique password, too. And because no one can remember all those strong, unique passwords, it’s a good idea to use a password manager to keep them secure across all your devices.
2. Have a separate guest Wi-Fi network
Allowing guests, customers or other non-employees to connect to the same Wi-Fi network as your smart devices is a dangerous security practice. It’s like leaving someone alone in your car with the keys in the ignition.
If you’re going to permit other people to connect to your Wi-Fi—or want to offer it to customers—set up a separate guest network. Most routers can do it.
A bonus, this also means all your important business devices will connect to a dedicated, uncongested network.
3. Secure your router and Wi-Fi network
Many router manufactures offer the ability to protect your network at the router level. This ensures that every device that connects to the internet through that Wi-Fi network is protected from cyber criminals. This is especially important when considering devices such as smart locks, cameras and speakers, as these devices cannot be protected by endpoint type security software as you would have for laptops and desktops.
Check with your internet service provider or router manufacturer to see if you have access to any sort of secure router service. This is the best way to maintain network security all the way down to the IoT devices.
4. Don’t use IoT devices unless you need to
While smart devices are undeniably cool to play with, when it comes to using them in your business, you need to be extra careful. Ask yourself why you’re using smart locks, web-enabled security cameras or smart speakers. Can you use regular locks, cameras and speakers instead?
In some cases, you really do want the features IoT devices bring. It’s awesome to be able to allow people into your shop with an app or check your security cameras from your smartphone—and that’s okay.
However, if you’re using IoT devices for these features, you need to take steps to secure them:
- Change any default access settings. You know about passwords, but also change things like the username to something secure.
- Disable any features you don’t use. Features such as remote access and Universal Plug and Play (UPnP) allow the potential for other people to control your devices.
- Do a security audit every few months. Check that no one has accessed your device, and create new strong passwords, making sure to update them in your password manager.
5. Keep your devices up to date
One of the biggest security flaws in a lot of businesses is that they don’t update their devices.
Security researchers and consultants are constantly trying to find new ways to hack into every device imaginable. When they find a new security hole, the manufacturers, at least of high-quality devices, update and patch their software.
If you don’t update your devices, you can leave them vulnerable to publicly known security flaws. Anyone with access to Google could work out how to hack into your systems. Every few months, take an afternoon and update every bit of IoT gear, computers and apps you can get your hands on.
6. Don’t store sensitive information on your IoT devices
There is no such thing as a 100% secure device. Hackers will always find new ways to gain access to things you don’t want them to. Securing your devices is about making it as hard and unfeasible as possible.
With this in mind, you should never store sensitive or important information on your IoT devices. For example, don’t leave months of footage uploaded to your security cameras, or have your home address or phone number in any kind of user profile. You want there to be no value for hackers in breaking in.
7. Don’t be afraid to ask for help
Device security is not something to take lightly. It can put you out of business. If you’re not sure you’re doing enough to secure your IoT devices or are worried about some particular setup, get some assistance to do it right.
Sometimes you’ll need to hire a security consultant but, most of the time, all it takes is someone you trust who has a bit of tech experience to double-check your work and bounce ideas off. Most hackers go after easy targets. You won’t be one if you stay ahead of things.