The Internet of Things (IoT) has become a hot topic in the technology field. The exponential growth in the sophistication and adoption of devices has experts comparing it to the third industrial revolution, from steam and power to computers, and referring to this wave of new device usage as Industry 4.0, or the fourth iteration of industry as we know it.
IoT is already bigger than you might expect: doorbells, security cameras, weather stations, smart workout gear, baby monitors, and even coffee pots are streaming data and connected to the internet. As with any cutting-edge technology, IoT has kinks that still need to be worked out. The biggest is the security threat that adding IoT devices poses to your network.
The problem with IoT devices is that they are easily hacked, act as gateways to your entire network, and can't truly be protected by a firewall alone.
In the first half of 2018, Kaspersky IoT honeypots detected 12 million attacks aimed at IoT devices coming from 69,000 IP addresses. By 2019 that increased to 105 million attacks from 276,000 IP addresses. Attempting to block all malicious IP addresses would be a huge and ineffective feat. Just recently, a Senior Researcher with Avast hacked into a WiFi-enabled coffee pot, devised a ransomware attack, and deployed it, causing the coffee pot to spew coffee and make noise until it was either unplugged or the ransom was paid.
The old castle-and-moat approach to cybersecurity, building an effective and strong firewall perimeter around your network, hasn't proven to be effective since smartphones and mobile devices made working from home or on the go so easy. The more devices you connect, the higher the risk of a breach becomes.
Here at Sensible, we encourage the usage of IoT devices. They can be substantial productivity boosters, excellent solutions for your business needs, and can help your business scale. However, whenever introducing new devices to a client's network, we have to be cautious and mitigate the additional risk they pose to security. These are the steps we take to do so:
1. Evaluate the current security approach
As mentioned, having only a firewall isn't enough anymore. If we encounter a client that has not yet shed the castle-and-moat approach, we start by shifting their security to a more policy-based approach. Basically, this means we are adding extra security on the drawbridge over the moat. For every attempt to access the data, we put policies in place that prompt the user to verify they are who they say they are and that they should be accessing that information.
2. Be selective
With the addition of every IoT device, the security risks increase. We caution our clients against adding devices that they don't necessarily need. You shouldn't have to accommodate threats posed by your office coffee pot!
3. Research your options
As the need for IoT devices increases, the market is being flooded with new products. Just as when purchasing a new computer, you should do your research to understand whether the device is good quality, has the features you need, is compatible with your existing systems, and can be secured. An IT partner like us can make informed recommendations on what you should be looking for, and even source the devices for you.
4. Configure the IoT devices adequately
Once you have settled on the device you would like to add, make sure you have technical support when configuring it. The majority of devices do not come out of the box set up to be secure. We can help add security or enable the device's existing security measures to ensure it doesn't become a liability.
Client Success Story: Recently, we helped a medical research company implement video cameras in their lab so they could adequately observe and record sample changes 24/7. We were able to help them evolve their security approach, determine the devices required to achieve the solution they needed, and source cameras that were compatible with their existing network, could be given the necessary additional security, and featured the live streaming and recording options the lab required.
If you have a business need, we can help you find a sensible solution. We love to help businesses improve by crafting and offering informed technology solutions. Book a call with us anytime, and we'd be happy to lend you our expertise.
If your business relies on Microsoft 365, you may have noticed that on Tuesday, September 29th, there was a multi-hour outage. Microsoft confirmed via their Twitter account that the "residual issue has been addressed, and the incident has been resolved." Still, for many, this was a wake-up call that they need to have a backup form of business communication.
Businesses are moving towards more modern workplaces. Many of our clients no longer utilise landlines and handle all communication electronically via platforms like Microsoft Teams, so when Microsoft 365 went down, they found themselves without any way to communicate with their clients or conduct their business.
To be prepared for anything in life, you should always have a backup plan. For technology outages, we recommend putting together a Disaster Recovery Plan detailing what to do if any of your virtual systems fail. That way, if something happens, your business will be able to take it in stride with minimal interruption.
For example, if you lose Microsoft Teams as your communication method, your Disaster Recovery Plan should:
1. Plan how you will notify your team that the Disaster Recovery Plan is being enacted
2. Designate your secondary communication platform(s) for external communication and internal communication
3. Define where calls or messages should be forwarded to
4. Designate who will be in charge of setting up the call forwarding; be sure to include updated personal contact information for this person
5. Craft a generic message that can be posted to social media channels or on your website to inform your customers of the best way to reach you
6. Designate who will be in charge of posting your external messages; be sure to include updated personal contact information for this person and how to access the necessary accounts or website
7. Be shared with your team and kept in an accessible place so anyone can reference it if needed
If you are working with an IT provider, it is essential to share this information with them so they can help you adjust as needed if the time comes. Additionally, you can utilise their expertise to ensure your Disaster Recovery Plan is well detailed and sure to support you through a crisis. If your business could use help creating Disaster Recovery Plans for your solutions, we would be more than happy to help you out.