Mobile and IoT Security Best Practices at the Office
For the billions of mobile and IoT devices that are used within organizations, IoT security professionals must consider using these IoT security solutions. According to research presented in a Cisco infographic, the number of “things” connected to the internet exceeded the number of people connected way back in 2008, and many analysts started reporting that there were more mobile devices on Earth than people starting back in 2014.
Picture every mobile device as a door into your network. Using bare minimal security that comes pre-installed on the device renders it a flimsy door. Effective security is achieved by observing mobile and IoT security best practices, including:
KEEP UP WITH UPDATES
While some updates may be time-consuming, it is important to implement them especially when they are security updates. These were probably created in response to attacks that already happened and can still happen to those unprotected by the update.
USE STRONG PASSWORDS AND MULTI-FACTOR AUTHENTICATION WHERE AVAILABLE
Many mobile services enable multi-factor authentication in which they will send a code upon login attempt. That code must be entered following the password. Passwords should always contain letters, numbers, capital letters, and special characters to keep them almost impossible to “figure out.”
ALWAYS-ON IOT DEVICES MEANS ALWAYS VULNERABLE
Every mobile device has multiple ways of communicating with other devices, including wi-fi, 4G-LTE, and Bluetooth. While it may seem more convenient to leave these switched on at all times, that is the equivalent of leaving doors open at all times. When not in use, switch them off.
Effective mobile management systems include the ability to “brick” a lost mobile device, removing all data and software completely via remote signal. The data is far more valuable than the device itself.
There are plenty of attractive looking apps out there, but the installation of one that contains malware can be disastrous. Approach each application with deep skepticism. Prove to yourself that its from a valid developer and is safe.
DEFAULT TO DEFENSE
Many applications and operating systems are installed with many security settings switched off. Wherever and whenever possible switch these on. While it may be less convenient operating your device with more security measures activated, nothing is less convenient than having to recover from a successful attack.
Why Does IoT Require Security?
To fully appreciate the exposure created by Internet of Things technologies, consider how Industrial Control Systems (ICS) work. Sensors are deployed throughout a building that measure ambient temperature, lighting, and presence of people. These all report back to the ICS which adjusts thermostats, opens and closes vents, and turns lights on and off based on current conditions. If nobody is present in a section of the building, services to that section may be turned off. Not only does this assure comfort and convenience, it also dramatically reduces expense for power consumption and HVAC.
Now imagine a building in Phoenix, Arizona or Houston, Texas in the middle of summer. A hacker reaches into the building’s ICS and shuts down all air conditioning. Talk about disruption of operations, it isn’t long before everyone working in that building must stream out to escape the stifling heat.
Exploited cameras may provide unauthorized parties visibility into offices and other locales. Exploited microphones in internet-attached devices such as personal assistants, once compromised, become an invisible eavesdropper.
More broadly, every “thing” connected to a network provides access challenges similar to mobile devices. Each one can be compromised, turning the billions of “things” into billions of potentially open doors to networks. Here are 8 times businesses got hacked by not securing IoT devices. It is critical to have a comprehensive cybersecurity plan to secure every “thing” that will be installed.
IOT SECURITY TRAINING
If you're ready to take the next steps, you could benefit from the following IoT cybersecurity training:
- THINK: IoTBIZ - Find the next scheduled course date
- BUILD: Certified Internet of Things (IoT) Practitioner (CIoTP) - Find the next scheduled course date
- SECURE: Certified Internet of Things (IoT) Security Practitioner- Find the next scheduled course date