Search Information Security site

 

Main menu

Cyber secure your smart business.

IoT refers to the billions of personal devices, such as personal assistants, smartphones, wearable technologies, security systems, etc. that are connected to the internet, collecting and sharing data. The internet-connected devices that comprise IoT are helping businesses increase efficiency, reduce costs, conserve energy and a whole host of other benefits. However, with all of these benefits come risks to privacy and security. Remember that every new internet-connected device you use is another entry point for a cyber criminal. NCSA recommends businesses connect with caution, and take steps to secure these devices.

Take Action Tips

DO YOUR HOMEWORK

Before purchasing a new smart device, do your research. Check out user reviews on the product, look it up to see if there have been any security/privacy concerns, and understand what security features the device has, or doesn’t have.

 

CHANGE DEFAULT USERNAMES AND PASSWORDS

Many IoT devices come with default passwords. Create long and unique passphrases for all accounts and use multi-factor authentication (MFA) wherever possible. MFA will fortify your online accounts by enabling the strongest authentication tools available, such as biometrics or a unique one-time code sent to your phone or mobile device.

 

PUT YOUR IOT DEVICES ON A GUEST NETWORK

Why? Because if a smart device’s security is compromised, it won’t grant an attacker access to your primary devices, such as laptops.

 

CONFIGURE YOUR PRIVACY AND SECURITY SETTINGS

The moment you turn on a new “smart” device, configure its privacy and security settings. Most devices default to the least secure settings--so take a moment to configure those settings to your comfort level. Disable any features you don’t need.

 

UPDATE SOFTWARE

When the manufacturer issues a software update, patch it immediately. Updates include important changes that improve the performance and security of your devices.
 

THINK ABOUT WHERE YOU PUT THEM

Particularly for listening devices or ones with cameras, think strategically about where you place them in your office. Do you really want an IoT device with listening or camera capabilities in the same room you have sensitive/confidential conversations with colleagues? Designate some of the areas of your office as “safe” rooms from IoT devices.
 

CREATE A PROCESS

Don’t allow devices to be purchased or connected to your corporate network without first having been vetted by your trusted security professional.
 

Additional Resources

Cybersecurity and Infrastructure Security Agency: Securing Internet of Things

 

National Institute of Standards and Technology: What is the Internet of Things and how can we secure it?

 

National Cyber Security Alliance: IoT at Home: Secure your smart home

 
 
This information is provided with permission from Stay Safe Online: https://security.virginia.edu/system/files/SmartBusiness.pdf

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.

Complete Report Form