In the recent years, the growth of Internet of Things (IoT) devices have changed how businesses interact with each other. Businesses have utilized connected devices as diverse as routers, phones, cameras, and printers to improve efficiency and create a better and more organized quality of business.
With IoT rapidly changing the landscape, it is also building security concerns. More devices mean more possible attack for intruders who want your data. A report from Symantec found a 600% increase in IoT attacks in 2017 alone, this means that cyber criminals could exploit any connect device. Although there has been an increase amount of attacks against IoT devices, there are steps you can take to protect your business.
Here are some best practices for making IoT devices more resistant to attacks
Unsecured IoT devices may be exploited within minutes of being connected to the Internet. In fact, just over a few month ago, security researchers found that an internal Equifax portal could easily be compromised by using default credentials. With that in mind immediately reset any default passwords with secure passwords.
Internet of Things (IoT) devices can be at risk from botnets (botnets are networks made up of remote controlled computers). 360 Netlab researchers have recently discovered that a botnet malware known as “satori” was exploiting a remote code execution (RCE) vulnerability in the D-Link DSL-2750B model router.
It is recommended to configure each device for automatic firmware updates. If automatic updates are not available, check for firmware updates and device patches on a quarterly basis to ensure IoT devices are current and running the latest firmware.
Use encrypted protocols to secure communications, especially if the device is used in the workplace. All web traffic should be using HTTPS, transport layer security (TLS), and Secure File Transfer Protocol (SFTP). Use Secure Shell (SSH) in lieu of TELNET.
In addition to slowing down your device, outdated features/apps leave your computer and network vulnerable to attacks. It is also recommended to remove apps/features that are not being used and disable or limit access to remote administration features.