Want to learn the best practice for configuring Chromebooks with 802.1X authentication?

Sign up for a Webinar!

Best Practices For IoT Security

The explosion of Internet of Things devices (IoT) onto the technology market has revolutionized how businesses operate. The endless possible applications of these incredibly diverse devices has led to a surge in quantity over the last 5 years that is expected to increase 20.4 billion by 2020.

As with any new technology, there are risks involved with the use of IoT devices. The devices are manufactured by different companies that include varying levels of cybersecurity protections. The current state of IoT security leaves much to be desired.

If you don’t proactively secure your IoT devices you’re leaving a huge vulnerability in an otherwise secure network. Below we have compiled some best practice guidelines to ensure your organization is prepared to implement IoT devices onto the network while maintaining strong network security.

Secure Management and Visibility of IoT Devices

First and foremost, it’s essential for any IT department to keep an up-to-date inventory of IoT devices connected to the network. A Ponemon Institute study found that fewer than 20% of IT respondents could identify a majority of their organization’s IoT devices.

This staggering statistic demonstrates the lax attitude surrounding IoT. Without knowing the identity of each device, it’s impossible to ensure they are all secured from outside attack.

Additionally, frequently checking for update patches is key to maintaining security considering not all IoT devices automatically patch themselves. When a vulnerability or exploit is discovered for a device, it’s up to the organization to be aware of patches that are released to remedy the issue.

You should also analyze the data that is being reported by devices. A common sign that your device has been hacked is irregular data being reported. Create a baseline of expected data results from IoT devices, and if new reports stray significantly from what’s expected, it could mean the device has been accessed by an outside actor.

https://s28241.pcdn.co/wp-content/uploads/2018/02/IoT-Security-blog-banner.jpg

IoT Device Security is Critical to Protecting Data

The diverse environment of IoT devices means there is a huge disparity between security levels offered by different IoT manufacturers. Many buyers are not properly evaluating the security of the devices they’re purchasing and it puts their organization at significant risk.

As always, make sure you are performing regular penetration testing on your network, as this is a foolproof method for discovering any holes that may be in your cybersecurity system.

The same Ponemon Institute Study mentioned above found only 45% of respondents require 3rd parties to allow access to their sensitive and confidential information to ensure compliance with security and privacy practices. If your vendors are not upholding high security standards, their devices are a greater risk to allow on the network.

Ultimately, what most bad actors are after is access to the data the IoT devices collect. The more data a particular device collects, the more valuable a target the device becomes. Given this, you should look to make sure each device is not collecting more data than is necessary. What should be equally considered is who has access to this data, and the other devices that handle it.

In addition to limiting how much data is collected, it’s important to limit who has access to the data. Evidence shows that the more users who have access, the greater the risk of exposure. Approximately 54% of the US workforce is perceived as potentially able to cause an accidental internal security breach. And if outside contractors have access to the data provided, you must ensure they uphold the same security standards so they do not become a hacking target themselves.

IoT Security with PKI Certificates

Besides conducting comprehensive reviews of the security of your devices, they should be supported by a robust and secure network. Utilize WPA2-Enterprise with EAP-TLS and certificate-based authentication to guarantee only approved network users have access to the network.

Certificate-based authentication is also the number one way network administrators have been gaining more visibility into their network. Issuing both machine and user certificates can place an identity to every network connection, granting real-time visibility that’s critical to keeping your network safe.

SecureW2 provides all the necessary tools to deploy a WPA2-Enterprise network with certificates. Our Cloud RADIUS and PKI solutions are a cost-effective method for providing certificate security, and our JoinNow solution and SCEP gateways can easily provision any personal or IoT device with a digital certificate.


Increase IoT Network Security Today

The potential for IoT to revolutionize how so many organizations operate is staggering, but it’s vital to go into this new frontier with strong device security. IoT devices have already become a massive target for outside actors, and this is only expected to continue. Check out SecureW2’s pricing page to discover if our cost-effective IoT security solutions can work for your organization.

Learn about this author

Eytan Raphaely

Eytan Raphaely is a digital marketing professional with a true passion for writing things that he thinks are really funny, that other people think are mildly funny. Eytan is a graduate of University of Washington where he studied digital marketing. Eytan has diverse writing experience, including studios and marketing consulting companies, digital comedy media companies, and more.

Best Practices For IoT Security