Smart devices are increasingly prevalent in our daily lives, so we must do our best to safeguard them and prevent malicious actors from succeeding in their attacks. These devices come under an umbrella term known as IoT (internet of things), which also means any device with the ability to communicate over the internet.
These include:
Speakers – Amazon Echo, Google Nest, Apple HomePod
Smart thermostat systems
Smart lighting
Home appliances, such as fridges
Security cameras
Smart TVs
However, these devices can often be overlooked when it comes to cyber security. This is why it's very important to make sure that we are thinking about the connections being made to them from outside your network.
Many businesses use smart devices either in their offices, from using smart speakers to play music, smart lighting within the workplace and having smart security camera systems across the workplace.
How can a smart device be affected?
Cyber hackers can try to remotely access a smart device, using security vulnerabilities, such as stolen passwords, the owner using default passwords and also through not using multi factor authentication.
Once they have access to one smart device, they can potentially access a whole network of devices, and even launch large-scale DDoS (distributed denial of service) attacks.
Recently over the years, there has been an increase in malicious actors targeting smart devices with weak passwords in their control systems and vulnerabilities from outdated software.
The results of this for a business could be losing access to their device and the network. For instance, security cameras are deployed extensively, so it's essential to ensure their integrity. This is because you wouldn't want unauthorised individuals to surveil your premises or identify other devices and vulnerable areas.
How can a business protect their smart devices?
Buy from reputable makers and sources
Many cheap smart devices are available online, however they can have varying levels of security features which may make them easier to compromise or expose your organisation to risk. We would recommend always buying smart devices from a reputable brand and trustworthy store.
Strong passwords
Always use strong passwords to protect your accounts for each smart device and always change or update a password whenever prompted. The NCSC recommends using three random words for passwords because they are easy to remember and strong enough to keep attackers out.
Multi-factor authentication
Make sure you enable multi factor authentication wherever possible for that extra step of security.
Software updates
Ensure that you use the latest software versions to remain updated with current security fixes for vulnerabilities in the devices and for better overall performance. Always update the software whenever prompted.
Disable unnecessary features and services
Many IoT devices come with features or services enabled by default that may not be needed for the business. Disable any unnecessary services to reduce potential attack surfaces.
Control access levels
As an employer, make sure you keep a log of what email accounts the smart devices are linked to, to ensure you always have access to it. Make sure they are work accounts and not your employees’ personal email accounts. And always make sure you remove access if someone leaves the business.
Port filtering
Ports are doorways into the network that allow certain information to enter and exit. By controlling which ports are open or closed you can manage the data to keep it secure. Controlling which ports remain open or closed enables us to manage and secure data effectively.
Imagine your network as a house, and the ports are like doors and windows. These "doors" allow certain types of information to come in and go out. By controlling which ports are open (unlocked) or closed (locked), you can manage the data that flows through your network and keep it secure.
Virtual Private Network (VPN)
Consider adding your devices to a Virtual Private Network (VPN) to enhance the security of your communications and protect your privacy. A VPN creates a secure, encrypted tunnel between your device and the internet, ensuring that all data transmitted and received remains confidential.
Consider using a reputable VPN provider with a strong track record of security and privacy protection to enjoy these benefits. It is important to choose a VPN provider that offers a variety of server locations, strong encryption protocols, and a no-logs policy (meaning that the provider does not keep records of your online activities).
If you’re not sure how to do any of the above, we recommend that you work with an IT expert to ensure you have the optimum security levels to protect your business from cyber hackers.
At the North West Cyber Resilience Center (NWCRC), we offer very low cost cyber security assessments and training sessions to help protect SMEs across the region.
Book in now for a Network Vulnerability Assessments to identify and rectify weaknesses within internal systems and connections.
Comments