Five Security Tips for Protecting your Connected Business

This article is part of the Indiana IoT Lab Fisher's The State of IoT 2019 Inaugural Edition publication. The State of IoT highlights different ways the IoT affects the economy, technology and future vision of Indiana. Click to sign up and receive the full publication.
 

With the dawn of 5G connectivity on the horizon, there will be an explosion of Internet of Things (IoT) devices in society. By 2020, there is projected to be over 30 billion IoT devices worldwide. Bain & Company projects that combined IoT markets will grow to nearly $520 billion by 2021—nearly double what was spent in 2017. Some of the sectors that will have the largest IoT market share include Smart Cities, Industrial IoT and Connected Health.

However, with the influx of IoT devices will come a wave of security risks for all your internet connected devices and the data they collect. Here are five tips for your business to consider as it introduces IoT devices into its supply chain:

1. Change Your IoT Device’s Default Password: IoT devices may come with pre-installed passwords which can easily be compromised. You should consider changing your device’s default password to one that aligns with the National Institute of Standards and Technology’s (NIST's) password guidance. Some factors for implementing a NIST-compliant password for your IoT device include:

• Not imposing composition rules, such as requiring a mixture of different character types;
• The ability to use all special characters, but not being required to use special characters;
• Restricting the use of dictionary words;
• Restricting the use of context-specific words, such as the name of the device; and
• Restricting the use of repetitive or sequential characters.

2. Maintain a Separate, Secure Network for Your Devices: Having a separate network that is behind a firewall and constantly monitored can help ensure the security of your IoT devices. Consider having a virtual private network (VPN) that can encrypt your internet connection to ensure that data flowing through your IoT devices is secure.

3. Implement a Robust Patch Management System: Hackers will never take a break from trying to compromise networks and new technologies. This is why installing system updates and patches to address newly discovered security flaws is critical. Be sure your IoT devices are updated regularly or automatically download patches when released.

4. Avoid Unsecure, Public Networks: When connecting to Wi-Fi connections with your IoT devices (including mobile phones, laptops and tablets), be sure the network connection is secure and password protected. Unsecure networks can be easily manipulated by hackers and can put your device and data at risk.

5. Read Your Device’s Privacy Policy: Companies draft privacy policies to tell you how they collect data, use data and with who they will share that data. However, not all companies’ privacy policies are the same. It is important for you to understand what happens to the data your IoT devices collect and how that data is used and stored. For example, in the health application space, an interview with IIT-Chicago Kent College of Law professor Lori B. Andrews highlighted that of a random sample of the top 400 health applications on the market, over seventy percent (70%) of them shared intimate health information with data aggregators, with some aggregators subsequently providing that information to life and health insurers. Furthermore, of the random sample of health applications in the study, an overwhelming majority of them did not even have a privacy policy.

For more information, contact a member of our Internet of Things Industry Group.

This publication is intended for general information purposes only and does not and is not intended to constitute legal advice. The reader should consult with legal counsel to determine how laws or decisions discussed herein apply to the reader’s specific circumstances.