IoT refers to the billions of personal devices, such as personal assistants, smartphones, wearable technologies, security systems, etc. that are connected to the internet, collecting and sharing data. The internet-connected devices that comprise IoT are helping businesses increase efficiency, reduce costs, conserve energy and a whole host of other benefits. However, with all of these benefits come risks to privacy and security. Remember that every new internet-connected device you use is another entry point for a cyber criminal. NCSA recommends businesses connect with caution, and take steps to secure these devices.
Cyber secure your smart business.
Before purchasing a new smart device, do your research. Check out user reviews on the product, look it up to see if there have been any security/privacy concerns, and understand what security features the device has, or doesn’t have.
Many IoT devices come with default passwords. Create long and unique passphrases for all accounts and use multi-factor authentication (MFA) wherever possible. MFA will fortify your online accounts by enabling the strongest authentication tools available, such as biometrics or a unique one-time code sent to your phone or mobile device.
Why? Because if a smart device’s security is compromised, it won’t grant an attacker access to your primary devices, such as laptops.
The moment you turn on a new “smart” device, configure its privacy and security settings. Most devices default to the least secure settings--so take a moment to configure those settings to your comfort level. Disable any features you don’t need.
When the manufacturer issues a software update, patch it immediately. Updates include important changes that improve the performance and security of your devices.
Particularly for listening devices or ones with cameras, think strategically about where you place them in your office. Do you really want an IoT device with listening or camera capabilities in the same room you have sensitive/confidential conversations with colleagues? Designate some of the areas of your office as “safe” rooms from IoT devices.
Don’t allow devices to be purchased or connected to your corporate network without first having been vetted by your trusted security professional.
This information is provided with permission from Stay Safe Online: https://security.virginia.edu/system/files/SmartBusiness.pdf
Report an Information
Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.