Jamie Akhtar, CEO and cofounder of CyberSmart.
The Internet of Things (IoT) has a well-established place in almost every aspect of our lives. At home, our entertainment systems, personal devices and even our white goods and heating systems now come with connected capabilities.
The Reward
In our professional lives, the story is much the same. Most business infrastructure is now connected to the internet as standard practice. In many cases, this is a good thing. One of the many benefits of taking business activity online is that it increases convenience and usability, as well as ensuring that data from these functions is collated automatically for later viewing or analysis. All of this is key in enabling the growth and flexibility needed for businesses, particularly smaller ones, to thrive.
The Risk
However, as with everything online, for every piece of light, there is a corresponding darkness. IoT devices have been responsible for a multitude of security incidents since their inception. Malware infection, DDoS attacks and vulnerability exploitation are all very real attack vectors actively targeting IoT and disrupting businesses. IoT specialist vendor Viakoo suggested that over 1 in 5 organizations (22%) “have had a serious or business-disrupting IoT security incident in the past 12 months.”
This points to two things. First, IoT attacks are rife and are being pursued by cybercriminals. Second, businesses of all sizes have embraced the benefits that come with IoT without fully embracing the measures needed to keep themselves safe.
Small Business Risk
The risks associated with IoT for small businesses are inevitably sector-specific. For example, a small manufacturer is much more likely to have IoT in a mission-critical capacity, meaning that if connected equipment is compromised, the entire business could grind to a halt. An independent shop or office may have internet-connected or enabled CCTV, the compromise of which could leave them vulnerable to physical theft.
Another likely risk is a potential lack of structure or policy when it comes to connected devices. Smaller businesses are likely to scale up more dramatically than larger businesses when they do grow. As such, policies on things such as connected devices, employees bringing their own devices into the corporate network or general security best practices may get left behind.
This, in combination with the likely blurring of personal, social and corporate lines in smaller organizations, leaves them especially vulnerable, as does the probable lack of reserve capital to fall back on in the event of a security incident.
How Small Businesses Can Protect Themselves
• Ensure that default passwords are not in use. Many of the IoT devices you’ll bring into your network come with applications to manage their use. Ensure that these accounts are protected with strong, hard-to-guess passwords. Additionally, protecting things like your Wi-Fi with a unique, non-default password will provide an extra layer of security. While it may not be the final line of defense, it will certainly act as the first.
• Ensure that someone at your organization is responsible for updating and patching software. The cybersecurity news cycle is constantly awash with vulnerabilities researchers and threat actors have discovered. It’s paramount that someone is paying attention to these conversations. A vulnerability that is disclosed by a software provider or IoT manufacturer creates a flurry of cybercrime activity, with threat actors knowing that organizations are slow to apply patches. By ensuring you aren’t one of the slow ones, you minimize the chance that a piece of code running in your environment can be exploited.
• Stay on top of policies. Working with IT teams to understand what is an appropriate security policy for your organization for connected devices is crucial. Ensure that as the business grows or changes, these policies are reviewed and updated to reflect the business’s needs.
Connected devices are here to stay. So, staying on top of the associated risks they present is the only way to ensure that you can use their many benefits without leaving your organization exposed.