Cyber attacks, which can cause damage in the millions, pose a high risk for many companies. Internet Of Things devices can be a gateway here – because the networking of machines, networked systems and smart devices at home create new starting points for hackers. Even in the private sphere, dangers are often underestimated or completely ignored. In the hybrid world of work, this can also result in risks for companies. Therefore, companies should rely on further training programs to ensure the necessary know-how both in the special teams and in the workforce.
More and more devices are smart and connect to the user’s network as well as to the manufacturer’s cloud – and thus open up access to confidential information, whether from private life or the corporate sector. The market for such functions and devices is huge, and many companies want to be part of this trend. There is often a lack of knowledge, time and money to make these products secure against attacks.
Table of Contents
The Following Points Should Therefore Be Considered Before Purchasing Smart Devices:
- Collect information about the specific product: Have attacks already become known? Has the manufacturer fixed the problem in the meantime?
- Does the product also work without the manufacturer’s cloud? Some companies have overstretched themselves and now have to shut down their cloud services to save money
- It is advisable to separate smart devices from the rest of the network or to significantly restrict their access. A guest account can be helpful here. Even if the smart device falls victim to a cyber attack, the computer is still secure.
- Where do the devices communicate? Any data uploaded to the cloud could possibly be exploited, sold or published through a data leak without being noticed. Even with a trustworthy company, it is not always clear which individuals (criminals, states, and intelligence agencies) have intentional or unintentional access to the data.
Also Read: How Small Businesses Can Improve Their Cyber Security
Arm Yourself With Training Against Attacks
With a view to these risks, companies should ensure that their employees are empowered to recognize security risks and protect the environment accordingly can. Because when new purchases have networked functions, it is also important to ensure appropriate security measures in their field of application. This increases the demands on those responsible for IT and OT: The key aspects here are to understand how the various security mechanisms work, to evaluate them from a security perspective and to apply them in practice. These include, for example, firmware analysis, security in wireless networks, and secure and reliable protocols.
In addition, the structure of an IoT communication architecture should be known in order to be able to correctly assess and ward off threats to IoT, to detect security gaps in a targeted manner and to be able to eliminate them. Here, too, the right ground can be prepared with targeted training. If in doubt, it is advisable evaluate complex IoT structures individually and secure them accordingly. Experts can support with specific advice.
Because the spectrum of possible attack scenarios is very large. With ransomware, for example, corporate data is at risk. It encrypts data and only releases it again for a ransom. Basic security measures should therefore be standard to protect against large-scale, automated attacks at a basic level. Employees outside of IT are also in demand here when it comes to their own password discipline or security in the home office.
General Recommendations:
- Keep the software on the devices up to date and import available updates immediately. This is especially true if the update closes a security gap according to the manufacturer’s description.
- Up-to-date software on the router is particularly important because it is directly connected to the Internet. If the router is no longer supplied with updates, it must be replaced.
- Do not allow configuration of the router via the Internet, only from the local network.
- Choose secure passwords that do not contain any words, personal information, simple number sequences or similar and are of sufficient length There are simple tricks to memorize such passwords. Password managers also make it easier to deal with many complicated passwords.
- Change all default passwords of a device before putting it into service.
Use 2-Factor Authentication When Offered
Whether at home or at work – the IoT not only offers considerable opportunities, but also some dangers for IT security. A basic understanding of how it works and the risks is essential in any case. In order to avoid serious damage in the professional context, companies should provide their employees with appropriate further training.
Also Read: The Five Most Common Data Risks In Companies