As more devices become smart from televisions to wearable fitness tracking devices, these devices also become part of the enterprise. According to the Online Trust Alliance, consumer-grade IoT devices represent a threat to enterprise security – both the network and data – when not secured properly. Below are highlights from the Online Trust Alliance report: “The Enterprise IoT Security Checklist: Best Practices for Securing Consumer-Grade IoT in the Enterprise”.
- Be Proactive – take steps to understand what consumer-grade IoT devices are being used and examine the impact to enterprise security. Understanding the risk and planning is the first step
- Passwords – make sure none of your devices include hardcoded passwords. Apply strong passwords as you would with any other enterprise IT device
- Network – place IoT devices onto a separate network for better visibility, tracking and protection
- Manage functionality – today it seems like one device is packed to do just about everything. With consumer-grade IoT devices only leave on the functionality that is needed every day
- Encryption – look for devices and processes that support encryption for an added level of security
- Manage lifecycle and updates – do not use devices that can not be updated – software should be up-to-date. Lifecycle management applied to consumer-grade IoT devices can also be a useful tool for identifying devices that should be updated
- Examine physical access – the device should not be able to access the network through means such as ports or factory resets
Finally, education is important. End users need to understand the potential risk of consumer-grade IoT devices to enterprise data and the network. End users should also understand the process IT uses to review and secure. After all in today’s world of complex attacks, ensuring enterprise security goes beyond just a function of IT and is an essential element for all employees.
What steps are you taking to secure consumer-grade IoT devices in your organization?