The Internet of Things & Small Business Security

The Internet of Things & Small Business Security

April 21, 2020

As expected, cyberattacks on small businesses in 2020 continue to rise. Phishing attacks, malware and ransomware events are still significantly impacting small business workflow. By now, most business owners and admins are aware of these threats and have implemented security measures to help insulate their data. However, there is one specific attack vector that is gaining the popularity of cybercriminals, the Internet of Things.

The Internet of Things, or IoT as it is mostly referred to, is an extension of a network to different appliances, devices, or sensors. Devices like smart lightbulbs, digital assistants like Amazon Alexa, or network connected thermostats. While these devices provide significant convenience and potential for automation, they can also open a hole in your network security.

When a cybercriminal set eyes on your business, they attempt to identify weaknesses and IoT devices are notorious for leaving holes in network security. The thought of having your office lights on a timer and the temperature in the office being adjustable from your desk is a real draw. But what you gain in convenience you sacrifice in security. IoT devices are some of the most insecure devices due to a few factors:

User Interfaces – The app or operating systems that are used to configure these devices are typically clunky and difficult to navigate. This can lead to issues like not changing the default admin password or other security settings being activated.

No Real Standard – The lack of industry standards for IoT devices means there is a greater risk of insecure or incompatible devices attempting to communicate with each other.

Lack of Updates – IoT devices do not receive updates as regularly as our other devices like phones and computers. This means that if a vulnerability is found, it can remain unpatched for much longer than average. Meaning your network is susceptible for an extended period.  

So, what can you do to keep your IoT lifestyle and continue to protect your business and its assets? First, make sure that any IoT device you have is on a segmented network. This will keep unauthorized access to an IoT device limited to your secondary or guest network. Keeping your critical data out of the attacker’s reach. Secondly, check for updates regularly. This may require you to access the user interface or the device’s app, but it is crucial for any device attached to your network to be patched and updated often. Lastly, learn the device. Spend some time within the app that controls your IoT appliance and check out the security options that are available. Higher quality devices often have protection options or settings that can be turned on and customized to fit your business’ security needs.